Permissions can be defined in the [CONFIG DIRECTORY]/permissionsets/ directory. where you will also find the six predefined permission sets. The permissions are divided into five groups: General, Read, List, Write and Tasks. If a precise definition is not required, it is possible to set each group to a default true or false. For an example, please see the end of this section. Each permission can be granted, forbidden or left undefined.
In order to see which permissions are required for the execution of certain tasks and viewers, please see the Appendix "Permissions required for Tasks and Viewers".
The general permissions are set on global, user or group level and apply to the session and not to the content of the connectors.
|switchuser||enables switching to another user within the session|
|changepassword||allows the user to change his password|
|readlicence||allows the user to read information on the installed licence (activates the licence tab in the web interface)|
|writelicence||allows to upload a new licence, replacing the installed one|
The read permissions can be defined on any level (global, user, group and connector-assignment) and apply to content within a connector).
|renderedimages||allows single source image requests, applies to storage and multiresolution connectors only|
|files||allows get requests to retrieve the assets (/fsi/static/path/to/file). Applies to static connectors only.|
|downloadsource||allows downloading the original file with an appropriate content disposition header set|
|copy||allows using the asset as a source for a copy command|
|storagestatus||allows access to the files import status|
|basicmetadata||allows access to the file meta data (lm-date, size etc.)|
|extendedmetadata||allows access to the image (IPTC, EXIF) and custom meta data|
|iccprofiles||allows downloading the images color profile|
|totalassetcount||allows access to the number of assets in a connector|
The list permissions can be defined on any level and apply to the content within a connector.
|files||allows listing the files in a directory|
|directories||allows listing sub-directories|
|searchresults||allows including assets from this connector in search results the search results|
|connector||allows including a connector in the root list|
The write permissions can also be defined on any level and they apply to the content of a connector.
|delete||allows deleting assets|
|movetotrash||allows moving data from this connector to the trash|
|rename||allows renaming assets|
|move an asset to a different directory within the same connector|
|createdirectory||allows creating directories in this connector|
|upload||allows uploading assets|
|paste||allows using this connector as a target for copy and cut commands|
|extendedmetadata||allows changing the extended meta data|
|overwrite||allows overwriting assets|
The tasks permissions can be defined anywhere and they apply generally as well as on a per connector base.
|reimportFiles||trigger a re-import of images within a connector|
|batchRendering||render images within a batch job|
|createArchive||start or schedule a batch job that will create an archive file|
<permissionset> <general default="true" /> <read default="true" /> <list default="true" /> <write> <delete>false</delete> <movetotrash>false</movetotrash> <rename>false</rename> <movewithinconnector>true </movewithinconnector> <createdirectory>true</createdirectory> <upload>false</upload> <paste>false</paste> <extendedmetadata>true</extendedmetadata> <overwrite>true</overwrite> </write> <tasks default="false" /> <name>default</name> </permissionset>
Permissions for different connector types
The table below shows how the permissions for specific connector types need to be defined.
|Permissions defined by|
|Normal Source Connectors||Global-, User-, Group- and Group-Connector Assignment|
|Configs-Connector||Hardcoded set applies to assigned Viewers|
|Downloads-Connector||Configured in downloads.xml in the connectors-directory|
|Trash||Partially hardcoded and partially dependent on connector the file originated from|