Permissions can be defined in the [CONFIG DIRECTORY]/permissionsets/ directory. where you will also find the six predefined permission sets. The permissions are divided into five groups: General, Read, List, Write and Tasks. If a precise definition is not required, it is possible to set each group to a default true or false. For an example, please see the end of this section. Each permission can be granted, forbidden or left undefined.


In order to see which permissions are required for the execution of certain tasks and viewers, please see the Appendix  "Permissions required for Tasks and Viewers".




The general permissions are set on global, user or group level and apply to the session and not to the content of the connectors.


switchuserenables switching to another user within the session
changepasswordallows the user to change his password
readlicenceallows the user to read information on the installed licence (activates the licence tab in the web interface)
writelicenceallows to upload a new licence, replacing the installed one



The read permissions can be defined on any level (global, user, group and connector-assignment) and apply to content within a connector).


renderedimagesallows single source image requests, applies to storage and multiresolution connectors only
filesallows get requests to retrieve the assets (/fsi/static/path/to/file). Applies to static connectors only.
downloadsourceallows downloading the original file with an appropriate content disposition header set
copyallows using the asset as a source for a copy command
storagestatusallows access to the files import status
basicmetadataallows access to the file meta data (lm-date, size etc.)
extendedmetadataallows access to the image (IPTC, EXIF) and custom meta data
iccprofilesallows downloading the images color profile
totalassetcountallows access to the number of assets in a connector


The list permissions can be defined on any level and apply to the content within a connector.

filesallows listing the files in a directory
directoriesallows listing sub-directories
searchresultsallows including assets from this connector in search results the search results
connectorallows including a connector in the root list


The write permissions can also be defined on any level and they apply to the content of a connector.

deleteallows deleting assets
movetotrashallows moving data from this connector to the trash
renameallows renaming assets



move an asset to a different directory within the same connector
createdirectoryallows creating directories in this connector
uploadallows uploading assets
pasteallows using this connector as a target for copy and cut commands
extendedmetadataallows changing the extended meta data
overwriteallows overwriting assets


The tasks permissions can be defined anywhere and they apply generally as well as on a per connector base.

reimportFilestrigger a re-import of images within a connector
batchRenderingrender images within a batch job
createArchivestart or schedule a batch job that will create an archive file

Example PermissionSet.xml
	<general default="true" />
	<read default="true" />
	<list default="true" />

	<tasks default="false" />

Permissions for different connector types

The table below shows how the permissions for specific connector types need to be defined.



Permissions defined by
Normal Source ConnectorsGlobal-, User-, Group- and Group-Connector Assignment
Configs-ConnectorHardcoded set applies to assigned Viewers
Downloads-ConnectorConfigured in downloads.xml in the connectors-directory
TrashPartially hardcoded and partially dependent on connector the file originated from