Before they can do this, they need to be given access to these clients and the stored files. This is done by adding the users or user groups to Assets Server and subsequently defining Permissions for these users or user groups. Such Permissions control access to:
- Client applications and their features
- Folders and files in Assets Server
- Metadata fields
- Presets for downloading images
This article describes how to control user access to folders and files.
Access to folders and/or files and controlling the actions that can be performed on them is done through 'Rules'.
The process of managing Rules comes in two parts:
- Setting up a Rule. Here you will define the folders and/or files that should be given access to.
- Assigning a Rule to users or user groups. Here you will define which actions can be performed on the folders and/or files.
Managing Rules is done on the User page or the User Groups pages of the Management Console.
Step 1. Access the Management Console .
Step 2. In the menu on the left of the page, choose Permissions followed by User Groups or Users.
Figure: The Users page in the Management Console.
Setting up a Rule
Before you can assign a Rule, it needs to be set up.
This can be done in the following ways:
- By specifying a folder within the Assets Server structure. Access will then be granted to the folder including all its sub folders and files.
- By constructing a metadata query. This is a way of fine-tuning access, for instance by only allowing access to files that have a status of 'Production'.
- By specifying a folder and constructing a metadata query. Similar to the separate rules above, but now combined into one rule.
Setting up a Rule can be done either on the User Groups page or the Users page. Any Rule that is created on one page is also available on the other page.
Step 1. Access the User page or the User Group page.
Step 2. Select Rules from the menu.
Step 3. Do one of the following:
- Create a new Rule by clicking the + sign at the bottom of the lists of presets
- Edit an existing Rule by clicking it
The Rule window appears.
Step 4. Make sure that the Rule information tab is selected.
Step 5. Set up your Rule by entering a descriptive name, setting up a folder restriction, setting up a query restriction, or setting up combined folder and query restriction.
Step 5a. Click the + sign.
Step 5b. Browse to the folder that you want to give access to.
Step 5c. Click Select.
Step 5d. (Optional) Add additional folder locations.
Enter your query in the Metadata query box.
Tip: Quickly locate metadata fields to include by searching for them in the Fields overview list. Clicking a found field will automatically add it to the Query box.
For information about constructing queries, see The Elvis 6 query syntax.
Note: Using wildcard queries in a query restriction is not supported; these slow down searches too much and will affect every search done on the system.
Example: To restrict access only to files that have a status of 'production', add the following query:
Step 6. (Optional) Test your Rule by clicking Test query.
Step 7. Click Next.
The Permissions tab appears for assigning the Rule to users or user groups.
Step 8. Continue by following the Assigning a Rule section below.
Rules are assigned to users and user groups as part of assigning Permissions. This is done in the User Groups or Users page in the Management console.
Note: Applying rules to users affects the time it takes to do searches and get search results. Assigning many or complex rules to a single user or user group will negatively impact search performance for that user or user group.
Assigning a Rule can be done manually or as part of copying Permissions from an existing user or user group.
Step 1. On the Users page or on the User Groups page, click a Rule that you want to assign to a user or user group.
Tip: Use the Filter to quickly find a user or user group.
In certain scenarios, the following error can appear:
LDAP search failed: The number of search results exceeds the Active Directory limit. Modify your search to limit the number of results.
For more information, see LDAP search failed" error when searching for users in Assets Server.
The Rule window is shown with the Permissions tab opened, showing all users and user groups (if any) to which the Rule is currently assigned.
Step 2. Click the + sign.
The Select users and groups window appears.
Step 3. Select one or more users or user groups and click Add.
Step 4. For each user or user group that was added, define what they are allowed to do by selecting or clearing the available check boxes. For an explanation of each option, see Permission types below.
Tip: Hover the mouse over an icon to see a short explanation about that option.
Step 5. When done, click Save.
Copying Permissions is an efficient way of quickly assigning an existing set Permissions to a user or group.
Warning: When copying, all existing Permissions for that user or user group will be replaced.
Step 1. From the list of users or user groups, choose the user or group from which you want to copy the assigned Permissions.
Step 2. At the bottom of the list, click the Copy button.
The 'Copy Permissions To' window appears.
Step 3. From the list of users or groups, choose the user or group to which you want to copy the Permissions.
Step 4. In the list of Permissions, select which type of Permissions should be copied.
Step 5. Click Copy.
The Permissions are copied.
Allows users to view content.
Note: Be careful assigning View permissions to Rules that only contain a query restriction (and not a folder restriction). Doing so allows users to view all files, including those in other users' zones (a long as the files match the query).
|View preview||Allows user to view content in ‘preview’ size.|
|Hide Watermark||(Only available when applying watermarks to images is enabled in Assets Server). Allows users to see images without a watermark.|
(Can only be set when 'Hide watermarks' is also set, see above.) Allows the user to perform the following tasks:
1 Also requires the 'Edit' permission to be set.
Allows the user to edit metadata of files, such as modifying data in metadata fields.
Note: Which metadata fields can be edited is controlled by assigning Edit permission for each field.
Allows the user to perform the following tasks:
1 Also requires the 'Use original' permission to be set.
Allows user to rename files or Collections.
Note: To rename folders users need 'Move' permission because it changes the location of all the files within the folder.
Allows user to move files or folders.
Note: The user needs to have permission on the source folder and the destination folder.
Allows the user to perform the following tasks:
|Delete||Allows the user to delete content, versions of files or Collections.|
In the following examples, 4 Rules have been set up:
- A query restriction based on Status = 'Production'
- A folder restriction on the Archive folder
- A folder restriction on the Images & Video folder
- A folder restriction on the Documents folder
Consider that we have the following user groups to assign permissions to:
During our preparation it was decided that the these groups should have the following permissions:
- All groups should be able to view content in the Archive folder.
- Designers should be able to view, preview, create, rename and move content in the Images & Videos folder.
- Photographers should be able to view, preview, create and rename content in the Images & Videos folder. They should also be able to edit the metadata of their files.
- Editors should be able to view, preview and create content in the Documents folder.
- Designers and editors should be able to preview, download, copy, check-out and restore versions of all files that have the status 'Production' assigned. They should also be able to edit the metadata of these files.
This results in the following setup: