This is step 6 of setting up a fully working Brand in Studio Server for everyday use in a standard workflow environment. (See a list of all steps)
When users want to use Studio, Studio for InDesign or InCopy, or any other application that connects to Studio Server, they need to be added to at least one Brand that is set up on that server.
Adding a user to a Brand is done by making that user part of a user group and assigning that group to the Brand.
This is accomplished by setting up an Authorization Rule: a combination of a Category, Workflow Status and an Access Profile. Together, they define what actions a user is allowed to perform on a file while that file is part of that Category and Workflow Status combination.
Typically, multiple Authorization Rules are set up: one for each specific scenario.
The total 'result' of all these Authorization Rules eventually defines what a user is allowed to do (and thereby what a user is not allowed to do).
Example: An Authorization Rule could for instance look as follows:
Category 'Finance' + Status 'Ready for Publishing' + Profile 'Publishing' (in which the functionality of publishing is enabled).
This means that when a user group is added under this rule, users of this group can publish any files that belong to Category 'Finance' and that are set to a Status of 'Ready for Publishing'. Files that belong to another Category or Status cannot be published, as long as this is not defined in any subsequent Rules that apply to that user group.
Note: As the first step in setting up your authorizations, we strongly advise to analyze your workflow, user groups, and the required access control on paper.
About minimizing the number of rules to set up
Users can be assigned to multiple user groups. Using this efficiently, it minimizes the number of Authorization Rules you need to specify, and thereby makes the setup and maintenance more manageable.
By introducing a user group such as 'All' or 'All for <my Brand>', generic access control can be set such as 'Listed in Search Results' and/or 'Read' rights for everybody involved with the Brand. This again minimizes the number of required Authorization Rules.
Because of this, it is good practice to grant 'Read' access rights to every file for everybody working in a Brand in order to make sure that the system can access files if needed. The 'Listed in Search Results' access can subsequently be used to determine which files are shown to the user. Without the 'Listed in Search Results' access, the user won't see a file and thus cannot open it.
Step 1. Make sure that the following is in place:
- Each user is added to Studio Server as a user. See Managing user accounts.
- User groups have been created that hold all users who will be granted access to a Brand using a specific Access Profile. See Managing user groups.
- Access Profiles have been set up, each defining what a user can and cannot do. See Managing Access Profiles.
Step 2. Access the Brand Maintenance page for the Brand in which you want to add User Authorizations by doing the following:
Step 1a. In the Maintenance menu or on the Home page, click Brands. The Brands page appears.
Step 1b. Click the name of the Brand. The Brand Maintenance page appears.
Step 3. Locate the User Authorization options.
Since we are working with a newly created Brand/Issue, no User Authorizations exist yet.
Step 4. Click Add.
The Authorization Maintenance page appears.
Step 5. From the User Groups list, choose the group for which Authorization Rules need to be created.
Lists appear in the Category, Status, and Profile columns for setting up the rule.
Step 6. Make the relevant choices from each list.
Step 7. Add the Authorization Rule by doing one of the following:
- Click the Add Authorization button. This will save the currently added rule and automatically display a new row of lists for adding a new rule.
- Click the Update button. This will save the currently added rule without displaying a new row of lists.
Step 8. When finished adding rules, return to the Brand Maintenance page.
Step 7. Assigning Admin Authorizations.