Permissions


Permissions can be defined in the [CONFIG DIRECTORY]/permissionsets/ directory. where you will also find the six predefined permission sets. The permissions are divided into five groups: General, Read, List, Write and Tasks. If a precise definition is not required, it is possible to set each group to a default true or false. For an example, please see the end of this section. Each permission can be granted, forbidden or left undefined.

 

In order to see which permissions are required for the execution of certain tasks and viewers, please see the Appendix  "Permissions required for Tasks and Viewers".

 

 


General

The general permissions are set on global, user or group level and apply to the session and not to the content of the connectors.

 

Permission Description
switchuser enables switching to another user within the session
changepassword allows the user to change his password
writepreferences  
readlicence allows the user to read information on the installed licence (activates the licence tab in the web interface)
writelicence allows to upload a new licence, replacing the installed one

 

Read

The read permissions can be defined on any level (global, user, group and connector-assignment) and apply to content within a connector).

 

Permission Description
renderedimages allows single source image requests, applies to storage and multiresolution connectors only
files allows get requests to retrieve the assets (/fsi/static/path/to/file). Applies to static connectors only.
downloadsource allows downloading the original file with an appropriate content disposition header set
copy allows using the asset as a source for a copy command
storagestatus allows access to the files import status
basicmetadata allows access to the file meta data (lm-date, size etc.)
extendedmetadata allows access to the image (IPTC, EXIF) and custom meta data
iccprofiles allows downloading the images color profile
totalassetcount allows access to the number of assets in a connector


List

The list permissions can be defined on any level and apply to the content within a connector.

Permission Description
files allows listing the files in a directory
directories allows listing sub-directories
searchresults allows including assets from this connector in search results the search results
connector allows including a connector in the root list


Write

The write permissions can also be defined on any level and they apply to the content of a connector.

Permission Description
delete allows deleting assets
movetotrash allows moving data from this connector to the trash
rename allows renaming assets

movewithin-

connector

move an asset to a different directory within the same connector
createdirectory allows creating directories in this connector
upload allows uploading assets
paste allows using this connector as a target for copy and cut commands
extendedmetadata allows changing the extended meta data
overwrite allows overwriting assets

Tasks

The tasks permissions can be defined anywhere and they apply generally as well as on a per connector base.

Permission Description
reimportFiles trigger a re-import of images within a connector
batchRendering render images within a batch job
createArchive start or schedule a batch job that will create an archive file



Example PermissionSet.xml
<permissionset>
 
	<general default="true" />
	<read default="true" />
	<list default="true" />
 
	<write>
		<delete>false</delete>
		<movetotrash>false</movetotrash>
		<rename>false</rename>
		<movewithinconnector>true
		</movewithinconnector>
		<createdirectory>true</createdirectory>
		<upload>false</upload>
		<paste>false</paste>
		<extendedmetadata>true</extendedmetadata>
		<overwrite>true</overwrite>
	</write>

	<tasks default="false" />
	<name>default</name>
</permissionset>


Permissions for different connector types

The table below shows how the permissions for specific connector types need to be defined.

Connector 

Type

Permissions defined by
Normal Source Connectors Global-, User-, Group- and Group-Connector Assignment
Configs-Connector Hardcoded set applies to assigned Viewers
Downloads-Connector Configured in downloads.xml in the connectors-directory
Trash Partially hardcoded and partially dependent on connector the file originated from