User Management
      Back to home
      1. Knowledge Base
      2. Manage
      3. User Management

      Guide to Building Access Control 📕

      Ready to start setting up permissions and control user interaction with your content? This guide will walk you through the process.

       

      ⏩Jump ahead if you do not know how your ACL should be constructed and need an example to get you started

      I know how I want my access control to work 

      If you have an idea of how (or know exactly how) you want your access control to work, follow this guide to set things up. 

      1. Setting Default Record, Media, and Collection Access
        The first step towards building your ACL is to consider and implement a default ACL for your Records, Media, and Collections. When these new items are created, the default ACL will be applied - unless otherwise altered by someone with the correct permissions: Setting individual record ACL on Creation
      2. Adding Users to Groups for Access Control
        Once the default ACL has been applied, we will need to add some users to the groups in your default ACL
      3. Create Download Profiles for Groups of Users
        Even where users have download rights on some media, without a download profile for their user - or group to which this user belongs - they will be unable to download
      4. Create Media View Instances for Downloads
        The final step is to create a 'Download' button. This is done through the addition of a media view instance
      5. (Optional) set up SSO to add users to groups via SAML attributes
        Using your SSO provider, we can automatically add users to groups by using your organisational log-in. 
      6. Wrap up and consider Monetisation options
        You should now have a fully functional ACL, When using Monetisation we may need to add more groups and media view instances for download buttons

       

      I am starting from scratch. What can I do?

      If you do not know how to configure Access Control Lists (ACL) to meet your requirements, here are a few examples of how your default ACL and site permissions could look. 

      ACL Construction 

      Once you have an idea of how the interaction between users and content will take place, we can begin to construct your ACL.

      ⚠️ It is very important that you understand how Record and Media Access works, as the next step will set the default level of access to all content for selected Users and/or Groups

        

      The tables below show an example ACL to get you started. 

      Default Record and Media ACL
        Record Media Collections
      Access Read Edit View Edit Download Create Edit
      Standard Y N Y N N Y N
      Internal Staff Y Y Y Y Y Y Y
      Downloaders Y N Y N Y Y Y
      Administrators Y Y Y Y Y Y Y
      object-creator Y Y Y Y Y Y Y
      Site Permissions
        Standard Internal Staff Downloaders Administrators
      Create Records N Y N Y
      Delete Records or Media N Y N Y
      Create Clips Downloads N Y Y Y
      Manage Jobs N Y N Y
      Embed Records N Y N Y
      Create Collections Y Y Y Y
      User Administration N Y N Y
      Site Administration N N N Y

      This is a good starting point for your ACL. Where everyone can view all new records, but only Internal Staff and Administrators have access to edit Records. The Downloaders group have permission to download media, but not to create new records.  

      Object creators have full access to view, edit, and download records and media that they have created. But also remember that only Internal staff and Administrators have access to create records

      Follow the steps below to implement your ACL starting point:

      1. Setting Default Record, Media, and Collection Access
        The first step towards building your ACL is to consider and implement the example default ACL above. When Records, Media, and Collections are created, the default ACL will be applied - unless changed by someone with the correct permissions: Setting individual record ACL on Creation
      2. Adding Users to Groups for Access Control
        Once the default ACL has been applied, we will need to add some users to the groups in your default ACL.
      3. Create Download Profiles for Groups of Users
        Even where users have download rights on some media, without a download profile for their user - or group to which this user belongs - they will be unable to download
      4. Create Media View Instances for Downloads
        The final step is to create a 'Download' button. This is done through the addition of a media view instance
      5. (Optional) set up SSO to add users to groups via SAML attributes
        Using your SSO provider, we can automatically add users to groups by using your organisational log-in. 
      6. Wrap up and consider Monetisation options
        You should now have a fully functional ACL, When using Monetisation we may need to add more groups and media view instances for download buttons