Permissions Follow
Overview
User roles and permissions are key control components of your account’s security.
These work together to help you:
- control the visibility of and access to different assets and information in your account
- control the capabilities and features available to different users of the account
- control the behavior of the platform in response to some activities and features
- influence the native workflow of the platform to align with your preferred workflow
While both provide you security controls over your account, ROLES provide a higher level of control to the users on your account, whereas PERMISSIONS are asset-specific controls applied to both users and jobs on the platform.
Permissions
PERMISSIONS is a user access control and security layer that you can apply on the asset-level; that is, user and post-produced job levels.
CART sessions and Live Deposition sessions do not require permission tags since access to these are controlled by adding relevant participants on the booking form.
Permission tags can be categorized into two types: user permission tags and job permission tags, which work together to control user access to jobs.
Types of Permissions
User Permissions
User permission tags can be added as early as the user’s account creation.
User permission tags can be applied during user creation
Admins can manage permissions of the account’s users; that is, add/change/remove permissions tags applied on existing users through the User Management page.
Add/remove user permission tags
Job Permissions
Job permission tags can be applied during upload; regardless of the media source, but dependent on the role of the uploader and the mode of upload; that is:
- The effects of the user role of the uploader
- Only account admins can add and manage job permission tags
- Content managers cannot add or manage permission tags during upload
- The effects of the upload mode
- Job permission tags can be added during manual upload (using the +-sign widget); whether it’s uploaded straight from a computer, a link upload, or uploaded from a linked account
- Job permission tags cannot be added during automated uploads (autotake feature of some integrations with linked accounts)
Permission tags added during manual upload are applied on all the jobs created as a result of the upload.
Job permission tags can be applied during manual media upload
Admins can manage permissions of existing jobs; that is: add/change/remove permission tags applied on existing jobs through the Home page.
Add/remove job permission tags
How It Works?
Permissions control users-to-jobs access using a permissive matching logic; that is:
- If a user has no user permission tag, the user will have access to all existing jobs.
- If a job has no job permission tag, the job will be accessible to all users.
Permissions become restrictive if permission tags actually exist on both users and jobs; that is:
- If at least one of the user permissions match at least one of the job permissions, then the user will have access to the job.
The Admin role is also subject to and affected by permission rules.
Permission rules and results
Reversed Permissions
Reversed permissions provide tighter security over uploaded jobs by restricting access to jobs to only those with the relevant permission tags to view them.
This means non-admin users will only be able to view jobs that they have permission tags to.
Reversed permission rules and results
Reversed permissions are currently disabled by default, but you can submit a request to Verbit SUPPORT to enable it in your account.
Other properties of reversed permissions are:
- Jobs with no permission tags will be hidden from all non-admin users
- Non-admin users with no permission tags will not be able to see any jobs
- Reversed Permissions do not have any effect on the Admin role; that is, admins will still be able to access jobs that do not have any permission tags, or the jobs they have matching permission tags with
- Reversed Permissions do not have any effect on the CART Participant and Depo Viewer roles, as both naturally do not have access to post-production jobs.