Ready to start setting up permissions and control user interaction with your content? This guide will walk you through the process.
⏩ Jump ahead if you do not know how your ACL should be constructed and need an example to get you started.
I know how I want my access control to work
If you have an idea of how (or know exactly how) you want your access control to work, follow this guide to set things up.
- Setting Default Record, Media, and Collection Access
  The first step towards building your ACL is to consider and implement a default ACL for your Records, Media, and Collections. When these new items are created, the default ACL will be applied, unless it is altered by someone with the correct permissions: Setting individual record ACL on Creation
- Adding Users to Groups for Access Control
  Once the default ACL has been applied, we will need to add some users to the groups in your default ACL.
- Create Download Profiles for Groups of Users
  Even where users have download rights on some media, they will be unable to download without a download profile for their user, or for a group to which the user belongs.
- Create Media View Instances for Downloads
  The final step is to create a 'Download' button. This is done by adding a media view instance.
- (Optional) Set up SSO to add users to groups via SAML attributes
  Using your SSO provider, we can automatically add users to groups by using your organisational log-in.
- Wrap up and consider Monetisation options
  You should now have a fully functional ACL. When using Monetisation, we may need to add more groups and media view instances for download buttons.
I am starting from scratch. What can I do?
If you do not know how to configure Access Control Lists (ACL) to meet your requirements, here are a few examples of how your default ACL and site permissions could look.
ACL Construction
Once you have an idea of how the interaction between users and content will take place, we can begin to construct your ACL.
⚠️ It is very important that you understand how Record and Media Access works, as the next step will set the default level of access to all content for selected Users and/or Groups.
The tables below show an example ACL to get you started.
Default Record and Media ACL
Access | Record: Read | Record: Edit | Media: View | Media: Edit | Media: Download | Collections: Create | Collections: Edit |
Standard | Y | N | Y | N | N | Y | N |
Internal Staff | Y | Y | Y | Y | Y | Y | Y |
Downloaders | Y | N | Y | N | Y | Y | Y |
Administrators | Y | Y | Y | Y | Y | Y | Y |
object-creator | Y | Y | Y | Y | Y | Y | Y |
Site Permission | Standard | Internal Staff | Downloaders | Administrators |
Create Records | N | Y | N | Y |
Delete Records or Media | N | Y | N | Y |
Create Clips Downloads | N | Y | Y | Y |
Manage Jobs | N | Y | N | Y |
Embed Records | N | Y | N | Y |
Create Collections | Y | Y | Y | Y |
User Administration | N | Y | N | Y |
Site Administration | N | N | N | Y |
This is a good starting point for your ACL: everyone can view all new records, but only Internal Staff and Administrators have access to edit Records. The Downloaders group has permission to download media, but not to create new records.
Object creators have full access to view, edit, and download records and media that they have created. Remember, however, that only Internal Staff and Administrators have access to create records.
Follow the steps below to implement your ACL starting point:
- Setting Default Record, Media, and Collection Access
  The first step towards building your ACL is to consider and implement the example default ACL above. When Records, Media, and Collections are created, the default ACL will be applied, unless it is changed by someone with the correct permissions: Setting individual record ACL on Creation
- Adding Users to Groups for Access Control
  Once the default ACL has been applied, we will need to add some users to the groups in your default ACL.
- Create Download Profiles for Groups of Users
  Even where users have download rights on some media, they will be unable to download without a download profile for their user, or for a group to which the user belongs.
- Create Media View Instances for Downloads
  The final step is to create a 'Download' button. This is done by adding a media view instance.
- (Optional) Set up SSO to add users to groups via SAML attributes
  Using your SSO provider, we can automatically add users to groups by using your organisational log-in.
- Wrap up and consider Monetisation options
  You should now have a fully functional ACL. When using Monetisation, we may need to add more groups and media view instances for download buttons.
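To sanity-check a planned ACL before applying it, the example default ACL above can be modelled and queried; this is an added illustration, not the product's own code or API. All function and variable names are hypothetical, and it assumes a user's rights are the union of the rights of every group they belong to.

```python
# Added example: a model of the starting-point "Default Record and Media ACL" table.
# Assumption (not stated on the page): rights from several groups are additive.
RIGHTS = ("record_read", "record_edit", "media_view", "media_edit",
          "media_download", "collection_create", "collection_edit")

def row(flags):
    """Turn one Y/N table row, e.g. 'YNYNNYN', into the set of granted rights."""
    return {right for right, flag in zip(RIGHTS, flags) if flag == "Y"}

DEFAULT_ACL = {
    "Standard":       row("YNYNNYN"),
    "Internal Staff": row("YYYYYYY"),
    "Downloaders":    row("YNYNYYY"),
    "Administrators": row("YYYYYYY"),
    "object-creator": row("YYYYYYY"),
}

def effective_rights(groups, is_creator=False):
    """Union of the ACL rights of the user's groups (plus object-creator if set)."""
    names = set(groups) | ({"object-creator"} if is_creator else set())
    rights = set()
    for name in names:
        rights |= DEFAULT_ACL.get(name, set())  # an unknown group grants nothing
    return rights

def can_download(user, groups, profiles, is_creator=False):
    """Downloading needs the ACL right AND a download profile for the user or a group."""
    has_right = "media_download" in effective_rights(groups, is_creator)
    has_profile = user in profiles or bool(set(groups) & set(profiles))
    return has_right and has_profile

def groups_missing_profile(profiles):
    """Groups that hold the download right but have no download profile yet."""
    return sorted(group for group, rights in DEFAULT_ACL.items()
                  if "media_download" in rights
                  and group != "object-creator"   # a pseudo-group, not a user group
                  and group not in profiles)

if __name__ == "__main__":
    profiles = {"Downloaders"}  # constructed sample: only one profile created so far
    print(can_download("alice", ["Downloaders"], profiles))
    print(can_download("bob", ["Internal Staff"], profiles))
    print(groups_missing_profile(profiles))
```

Running `groups_missing_profile` after the download profile step lists any group that was granted download in the ACL but would still be blocked in practice.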