Security Domain: objectfile

Owned by Olivier Grenet
Last updated: Jan 05, 2024
2 min read

  • sendFile : the user can access the file of an instance, and a given rendition. This is used to restrict asset thumbnail visualisation rendition for a connected / unconnected user.

 

For example, the following rule will only render the asset preview of “public” assets to non-connected users (public being a metadata set to 1)

ISEXISTFIELD(objectname, 'public') AND object.public = 1 AND ( typeOp='variation' and STARTSWITH(subTypeOp, 'thumbnail') )

 

DXM Public / Private assets

Caution with DXM enabled systems

If your DAM publishes assets on the web with DXM enabled, sendFile will determinate if your asset is public or private :

 

  • public means that the asset can be published in the DXM Akamai cache system, for external systems to see.

  • private means that the asset will be tested by security before being published, and is never cached into Akamai.

If all your assets are private, the Akamai cache will never be used.

Assets are private when a security rule :

  • involves the surfer in the security rule calculation

  • or is blocking

 

On-the-fly transformations of images are not considered as variations, and there is no 'sendfile' security parameter directly associated with them. Therefore, security is applied to the source variation, which is normally the first parameter in the path following the asset identifier, or alternatively: the linkage defined in the WXM_VARIATIONS_API plugin :