User interaction with your content is controlled by Imagen access control lists (ACL). "Groups" simplify user access management and "Organisations" offer support for your SSO provider to manage user permissions.
What can I do with ACL?
First let's take a look at Record ACL, which controls who can view and edit a record, and who can view and download the attached media. Every 'record' has a unique set of access permissions, which can be set individually, in batches, or via automation.
What do Record Permissions look like?
The Record ACL above could have been created using a default set of permissions. The default permissions will apply to the creation of all new Records, Media, and Collections. Only selected users can change the permissions when creating new items.
A separate set of default permissions will apply to records, media objects, and collections. The examples below show where users can view and/or edit new content on creation.
Default record ACL (Examples)
In the example below 'everyone' can view new records, but only 'Administrators' can edit.
In the example below 'everyone' can view new media, but only 'Administrators' have permission to edit or download.
Default collection ACL (Example)
In the example below 'everyone' can view new collections, but only administrators and the collection creator can edit.
'User Groups' allow you to manage the permissions of different user types at scale. You may choose to use this feature to ensure consistency during user management. Imagen sites will have a 'Standard' and an 'Administrators' group by default. You can add new user groups as and when required.
Even where users or groups have download permissions for a media object, there must be a download profile for that user or group. Groups of users should be assigned a 'download profile', specifying the types of media to which they have permission to download.
To simplify user management, Imagen will integrate with your SSO provider to provide seamless authentication. Attributes passed from your SSO Provider can be logged on sigh-in.