Assigning permissions to media libraries
The permission model built around the Media libraries application allows you to configure access to the application and the media libraries defined within. See the following sections for details:
- Creating a role to manage media libraries – the media libraries security model is mainly based on role assignments. Users are authorized to perform certain actions based on the roles assigned to them. This section shows how to create a role in the system and assign users to it.
- Configuring permissions for the Media libraries application – shows how to assign permissions for the Media libraries application to roles.
- Configuring media library permissions – shows how to configure permissions for separate media libraries.
- Configuring group media library permissions – as an alternative to the role-based access model, the system also supports media libraries for the Groups functionality. These libraries are accessible to users affiliated with specific groups. This section shows how to configure permissions for group media libraries.
Creating a role to manage media libraries
This section explains how to create a role in the system and assign users to it. If you already know how to create roles in the system, you can skip this section and move to Configuring permissions for the Media libraries application.
- Open the Roles application.
- Click New role.
- Fill in the Role display name and Role description fields, for example:
- Save the role.
The General tab of the role that you just created opens.
Assigning users to a role
- Switch to the Users tab.
- Click on Add users. The Select users dialog opens.
- Select the check box next to the users that you wish to assign.
- Save & Close the dialog.
Now that you created the role and assigned users to it, you can set its permissions.
Configuring permissions for the Media libraries application
This section explains how to configure permissions related to the Media libraries application.
- Open the Permissions application.
- In the Site drop-down list, select the site for which you wish to configure media library permissions.
- In Permissions for select Module and Media libraries.
- Grant required permissions to the site’s roles.
- Read – allows users to access the Media libraries application and view the content of media libraries.
- Manage – allows users to create, configure, and delete media libraries. Also allows them to manipulate media files in all of the site’s media libraries.
- Destroy – allows users to delete media file version history, provided object versioning for media files is enabled.
Permissions for individual media libraries
Module-level permissions grant access to the Media libraries application and all media libraries it contains. If you wish to provide a more restrictive permission model for your site, individual media libraries allow you to configure permissions per file operation. Note, however, that all roles need to at least have the Read permission to access the Media libraries application.
Configuring media library permissions
Media library permissions offer a more granular alternative to global Media library application-level permissions (granted via the Permissions application). For example, if a role has the Manage permission granted to it via the Permissions application, all users belonging to that role can freely manipulate media files across all media libraries on a given site. This can be offset by configuring permissions for specific file operations (create, update, delete) per media library instead.
- Open the Media libraries application.
- Edit () the Media library you wish to configure.
- Switch to the Security tab.
- Set permissions for the Create file, Create folder, Delete file, Delete folder, Modify file, Modify folder, and See library content actions according to your requirements.
- Nobody – no one but global administrators or users with the Manage permission for the Media libraries module can perform the corresponding action. By default, all newly created media libraries use this permission level for every action.
- All users – everyone can perform the corresponding action.
- Authenticated users – all signed-in users can perform the corresponding action.
- Authorized roles – users belonging to allowed roles or with the Manage permission for the Media libraries module can perform the corresponding action. A list of all roles available for the current site is listed in a separate matrix underneath.
Configuring group media library permissions
Groups have roles separate from the rest of the system. If you want to set group media library permissions for group roles, create a group role first, as described in Working with groups.
- Open the Groups application.
- Edit () the group in which you want to modify the media library.
- Switch to the Media libraries tab.
- Edit () the media library for which you wish to configure permissions.
- Switch to the Security tab.
- Configure permissions for the website according to your requirements.
- Nobody – no one but global administrators or users with the Manage permission for the Media libraries module can perform the corresponding action.
- All users – everyone can perform the corresponding action.
- Authenticated users – all signed-in users can perform the corresponding action.
- Group members – users belonging to the group or with the Manage permission for the Media libraries module can perform the corresponding action.
- Authorized roles – users belonging to allowed roles or with the Manage permission for the Media libraries module can perform the corresponding action. A list of all roles available for the current site is listed in a separate matrix underneath.
Permissions Grid
The following table shows which permissions need to be assigned to allow users to perform particular actions. Users with the Global administrator privilege level can perform all of these actions for all general and group media libraries on the site. Group administrators can perform all of these actions for group media libraries of groups where they are group administrators.
|
Action/Permission |
File |
Folder |
||||||||
|
Read |
Manage |
Create |
Delete |
Modify |
Create |
Delete |
Modify |
See library content |
||
|
Files |
||||||||||
|
upload or import |
|
or |
|
|||||||
|
modify file properties |
|
or |
|
|||||||
|
delete |
|
or |
|
|||||||
|
copy |
|
or |
|
|||||||
|
move |
|
or |
|
|||||||
|
Folders |
||||||||||
|
create |
|
or |
|
|||||||
|
rename |
|
or |
|
|||||||
|
delete |
|
or |
|
|||||||
|
copy |
|
or |
|
|||||||
|
move |
|
or |
|
|||||||
|
Administration |
||||||||||
|
Access the Media library application |
|
or |
||||||||
|
Modify media library properties and content |
|
or |
||||||||
|
Live site administration |
||||||||||
|
Access the Media library application |
|
or |
||||||||
|
Modify media library properties and content |
|
or |
||||||||
|
Live site |
||||||||||
|
See and browse library content (Media gallery web part) |
|
or |
|
|||||||
|
Upload file (Media file uploader web part) |
|
or |
|
|||||||
By default, Kentico does not check the See library content permission for visitors on the live site. To force the system to check this permission, you need to enable the following settings in the Content -> Media category of the Settings application:
- Use permanent URLs
- Check file permissions