Role management interface
- Emilie Nucci
- 1 Access
- 2 Introducing the role type
- 3 Role management
- 3.1 Role management basics
- 3.2 Role management interface
- 3.2.1 General information
- 3.2.2 Asset libraries
- 3.2.3 Metadata
- 3.2.4 Global permissions
- 3.2.5 Backoffice access
- 3.2.6 Others rules
- 4 Application upgrade and specific rules
- 5 Starting a new project
- 6 Documentation
Starting from 2022.5.0, Starter kit provides a new user interface for managing roles and permissions. It is now possible to edit or create a role through this interface.
Access
To access the roles management interface, go to the back-office, and click on :
Administration > Users > Roles
Direct URL: https://[Your-project-domain]/wedia-config/users-and-roles/
Introducing the role type
To enforce our licensing rights and facilitate the creation of new roles, each role is assigned a specific role type.
The role type determines :
The set of permissions that a role will inherit,
A mechanism to ensure that certain default permissions cannot be overridden for that role.
Starter kit roles type
Starter kit includes 3 role types configured to match standard license agreements : see the details here
The Wedia integration team can create / update / delete role templates to meet customer-specific license agreements. This can be done without deploying a NAR. For exemple, I can authorize a user type to delete an asset.
Introduction to metadata family
Starter kit default metadata families :
ID | Name of the family | Description | Starter kit metadata | Technical Key |
12 | Opened metadata | Metadata that contributors can enrich | Keywords, Collection, Folder, Languages, Photographer, Geographical thesaurus | dam.metadata.opened |
13 | Closed metadata | Metadata that only admin can enrich | Organization, Channel | dam.metadata.closed |
14 | AI metadata | Metadata that are gathered by AI. | AI Colors, AI concepts, Celebrity, Landmark | |
15 | Technical metadata | Metadata that are handled by the system | Asset type, color space, Language orientation, videoratio | dam.metadata.tech |
18 | Static metadata | Metadata that should not change in live mode | Country , Language, rights | dam.metadata.static |
The metadata that are likely to share the same permissions for a role are grouped into Families.
Each role type has a specific configuration for each metadata family.
Role type management interface
Wedia customers do not have access to the role type management interface, which allows Wedia to manage role types.
This interface is similar to the role management interface, but with the added ability to enable or disable sections.
When a section is disabled, it cannot be configured at the role level and the role type configuration applies to all roles.
When a section is active, there are two cases:
The administrator has explicitly chosen to customize the section configuration at role level → the new configuration of the role type will not be applied to this role.
The administrator has not explicitly chosen to customize the section configuration at the role level → the new role type configuration will be applied to this role automatically.
Additionally, there is one configuration that applies to all asset libraries and one configuration that applies to each metadata family.
Licence monitoring
Starter kit comes with 10 licenses that apply to users with roles based on administrator/contributor role type.
This rule can be adapted with the Admin > Authorized Users interface by the integration team depending on the number of licenses sold.
Role management
Role management basics
Project teams can create an unlimited number of roles based on role types.
They can update the roles, but cannot change the assigned role type.
Once a role is created from a role type, it cannot be changed. However, the project teams can modify the inherited permissions within the limitations set by the role type
Role management interface
General information
The interface allow you to configure :
Name
Description
Download resolutions
Asset libraries
The interface allow you to configure for each asset library, and by status, the authorized actions on the asset, as well as authorized actions in the asset workflow.
Metadata
The interface lists the metadata families that have been configured for the project.
You can customize the permissions to be applied to each metadata family or keep the default configuration.
You can also customize the permissions for one or more specific metadata items.
Global permissions
The interface lists a few global permissions you can manage.
You can customize the features available from the asset page or from the boards
Backoffice access
Decide if a role has access to the back-office and what it can manage among :
Manage Users
Manage homepage
Manage role (not visible by default, you need to activate the section at role lever if you like it)
Manage Data Model (not visible by default, you need to activate the section at role lever if you like it)
Manage Portal (not visible by default, you need to activate the section at role lever if you like it)
Manage Search, menus, and pages
Manage Logos, and colors
Decide which backoffice menus to display :
When there are no custom menus, the section is not displayed.
Starting from 2023.3.0 WEDIA Release, the backoffice menu is automatically generated based on the user's permissions. However, it is still possible to create "Custom" menus. In this section, the "Custom" menus are displayed. Check the ones you want to display for the role.
Others rules
It is highly recommended for developers to add messages with a brief explanation when implementing custom “security” rules on a project.
These messages provide traceability and help DAM administrators stay informed about the rules that apply to a role.
For adding a new message, follow these steps
Application upgrade and specific rules
Project teams should always have a reference environment when using the new configuration interface. This reference environment can change throughout the project's life cycle. For example, at the start of a project, the reference environment will be the integration environment where you will perform the entire project configuration. Once the project is in production, and if the interface is open to the client, the reference environment would become the production environment.
Under these circumstances, it is important that deliveries to the reference environment do not include structures such as role, pkgroletemplate, pkgsecugroup, and pkgsecupermission. This is to avoid overwriting configurations made by the project team or the client themselves.
Project specific rules can still be written in the admin security module.
Starting a new project
When the data model of the project is complete, you should see the following changes in the role management interface :
Asset libraries are displayed in tabs ( if you have only one asset library, there is no tab)
The metadata display under blue labels and are linked with families.
Default roles (administrator, contributor, user) are functional immediately without any additional action required.
Documentation
More documentation for developpers is available here : Roles and permissions