Assigning permissions to media libraries
The permissions model built around the Media libraries application allows you to configure access to the application and the media libraries defined within. See the following sections for details:
- Creating a role to manage media libraries – the media libraries security model is mainly based on role assignments. Users are authorized to perform certain actions based on the roles assigned to them. This section shows how to create a role in the system and assign users to it.
- Configuring permissions for the Media libraries application – shows how to assign permissions for the Media libraries application to roles.
- Configuring media library permissions – shows how to configure permissions for separate media libraries.
Creating a role to manage media libraries
This section explains how to create a role in the system and assign users to it. If you already know how to create roles in the system, you can skip this section and move to Configuring permissions for the Media libraries application.
- Open the Roles application.
- Click New role.
- Fill in the Role display name and Role description fields, for example:
- Save the role.
The General tab of the role that you just created opens.
Assigning users to a role
- Switch to the Users tab.
- Click on Add users. The Select users dialog opens.
- Select the check box next to the users that you wish to assign.
- Save & Close the dialog.
Now that you have created the role and assigned users to it, you can set its permissions.
Configuring permissions for the Media libraries application
This section explains how to configure permissions related to the Media libraries application.
- Open the Permissions application.
- In the Site drop-down list, select the site for which you wish to configure media library permissions.
- In Permissions for, select Module and Media libraries.
- Grant required permissions to the site’s roles.
  - Read – allows users to access the Media libraries application and view the content of media libraries.
  - Manage – allows users to create, configure, and delete media libraries. Also allows them to manipulate media files in all of the site’s media libraries.
  - Destroy – allows users to delete media file version history, provided object versioning for media files is enabled.
Permissions for individual media libraries
Module-level permissions grant access to the Media libraries application and all media libraries it contains. If you wish to provide a more restrictive permissions model for your site, individual media libraries allow you to configure permissions per file operation. Note, however, that all roles need to at least have the Read permission to access the Media libraries application.
Configuring media library permissions
Media library permissions offer a more granular alternative to the global, application-level permissions for Media libraries (granted via the Permissions application). For example, if a role has the Manage permission granted to it via the Permissions application, all users belonging to that role can freely manipulate media files across all media libraries on a given site. This can be offset by configuring permissions for specific file operations (create, update, delete) per media library instead.
- Open the Media libraries application.
- Edit the media library you wish to configure.
- Switch to the Security tab.
- Set permissions for the Create file, Create folder, Delete file, Delete folder, Modify file, Modify folder, and See library content actions according to your requirements.
  - Nobody – no one but global administrators or users with the Manage permission for the Media libraries module can perform the corresponding action. By default, all newly created media libraries use this permission level for every action.
  - All users – everyone can perform the corresponding action.
  - Authenticated users – all signed-in users can perform the corresponding action.
  - Authorized roles – users belonging to allowed roles or with the Manage permission for the Media libraries module can perform the corresponding action. All roles available for the current site are listed in a separate matrix underneath.
Permissions Grid
The following table shows which permissions need to be assigned to allow users to perform particular actions. Users with the Global administrator privilege level can perform all of these actions for all media libraries on the site.
Action/Permission | File | Folder | ||||||||
Read | Manage | Create | Delete | Modify | Create | Delete | Modify | See library content | ||
Files | ||||||||||
upload or import | or | |||||||||
modify file properties | or | |||||||||
delete | or | |||||||||
copy | or | |||||||||
move | or | |||||||||
Folders | ||||||||||
create | or | |||||||||
rename | or | |||||||||
delete | or | |||||||||
copy | or | |||||||||
move | or | |||||||||
Administration | ||||||||||
Access the Media library application | or | |||||||||
Modify media library properties and content | or | |||||||||
Live site | ||||||||||
See and browse library content | or |
By default, the Xperience API does not check the See library content permission for visitors on the live site. To force the system to check this permission, you need to enable the Check file permissions setting in the Settings application (Content -> Media category).
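The four access levels from Configuring media library permissions and the live-site default described above can be expressed as a small Python model for reviewing a planned configuration. This is an added example, not Xperience code or its API: every class, function, role and library name is an assumption made up for illustration, and it models only the per-library decision, not the module-level Read requirement.

```python
from dataclasses import dataclass, field
WRITE_ACTIONS = {"Create file", "Create folder", "Delete file",
                 "Delete folder", "Modify file", "Modify folder"}

@dataclass
class User:
    name: str
    authenticated: bool = True
    roles: frozenset = frozenset()
    global_admin: bool = False

@dataclass
class Library:
    name: str
    # action -> (access level, authorized roles); unset actions are "Nobody"
    security: dict = field(default_factory=dict)

def is_allowed(user, library, action, manage_roles):
    # Global administrators and roles holding module-level Manage bypass
    # whatever is configured on the library's Security tab.
    if user.global_admin or user.roles & manage_roles:
        return True
    level, allowed = library.security.get(action, ("Nobody", frozenset()))
    if level == "All users":
        return True
    if level == "Authenticated users":
        return user.authenticated
    if level == "Authorized roles":
        return bool(user.roles & allowed)
    return False  # "Nobody"

def live_site_can_see(user, library, manage_roles, check_file_permissions=False):
    # With the setting off (the default), the check is skipped for visitors.
    if not check_file_permissions:
        return True
    return is_allowed(user, library, "See library content", manage_roles)

def audit(libraries):
    """List write actions open to everyone or to any signed-in user."""
    return sorted((lib.name, act, lvl) for lib in libraries
                  for act, (lvl, _) in lib.security.items()
                  if act in WRITE_ACTIONS and lvl in ("All users", "Authenticated users"))

# Constructed sample configuration; role and library names are made up.
MANAGE_ROLES = frozenset({"MediaAdmins"})
DOCS = Library("Docs", {
    "Create file": ("Authorized roles", frozenset({"Editors"})),
    "Delete file": ("All users", frozenset()),
    "See library content": ("Authenticated users", frozenset())})
```

In the constructed sample, `audit([DOCS])` reports Delete file because it is set to All users, and an anonymous visitor is refused library content only when `check_file_permissions` is true.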