Cumulus and Extended Permissions
April 11, 2016 • Antra Silova
Out of the box, Cumulus controls each user’s access through permissions that are applied per user and that determine the content with which they can interact. Generally, the functions a user is allowed to perform on records, assets and categories are set by the Cumulus administrator. These permissions can either apply to all catalogs a user has access to, or can be catalog-specific.
Extended Permissions is a Cumulus add-on module that offers real-time permissions based on the business rules that you set. The permissions can change based on circumstances such as workflow approval processes, embargo and expiry dates, and other factors. It allows for the actual assets to have a permissions aspect that will determine how people can interact with the content.
This is implemented in one of two ways: by assigning permissions to the assets themselves, or by applying dynamic filters that control access based upon content characteristics.
What you can do with Extended Permissions:
Live Filtering
Live filtering is perhaps the simplest and easiest way of implementing Extended Permissions. The traditional static permissions model doesn’t work when “yes” versus “no” needs to be based on real-time workflow status, rather than decisions made in advance. With live filtering, the visibility of assets is controlled by a dynamic search query. After a query is saved, it can be added to a user as a Live Filter. This could be used to give users access only to assets with a certain status, such as Approved. As soon as the status of a certain asset changes, the visibility of that asset to the user may change too.
As long as filtering is active, any further search operation – Quicksearch, Category Search, whatever – will only take into account the collection as defined by the filter criteria, not the whole catalog. Accordingly, the Find All Records command will only find records that match the filter criteria. As an example, create a checkbox metadata field called “Ready for Client Approval.” Then create a Live Filter that finds only those files ready for approval. When the user logs in, she sees files ready for her approval, without any searching.
Set individual record/category permissions
These enable administrators to determine who sees what on a particular asset or category. This allows a much more granular approach to asset access, as you can hide asset records or categories from users who don’t need them, ensuring asset security and metadata privacy. For example, you can specify that user X can access specific types of documents, such as press releases, but not price lists.
Individual permissions can be assigned in several ways: through a Permissions Template, which grants them to multiple users/roles as defined in the template; to selected users one by one; or even automatically, using built-in scheduler actions or the Roboflow (pdf) module.
This makes it possible to provide “private” metadata fields in your catalogs, such as “CIO Approved” or “Manager Approved” fields. Other users can see the fields if they have access to view sets that contain them – but only those listed as editors of the fields can make changes.
The primary value this feature offers is data integrity. If your catalog includes a “Manager Approved” field and that field is checked, you know for certain your manager has approved the asset. Because these fields can also serve as control mechanisms for Live Filtering, this enables managers in your group to enable or disable access to certain assets just by logging in (from anywhere) and changing a value.
Set permissions to edit field values
Field-specific permissions can restrict the editing of certain fields to only chosen individuals or roles. Administrators can define permissions for certain metadata fields; for example, they could specify that a certain user can in general only view assets but has limited access to edit certain metadata fields for which they are responsible, such as copyright or distribution.
This is a very powerful feature, especially in workflow and approval scenarios. You can combine several permissions to achieve your desired outcome.
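The combination described above, a Live Filter driven by a field that only named editors may change, is modelled below as an added example; it is not Cumulus code and does not use the Cumulus API. The `Catalog` class, its methods, the user names and the sample records are all hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field

READY = "Ready for Client Approval"  # checkbox field name from the article's example

@dataclass
class Catalog:  # hypothetical model, not a Cumulus class
    records: dict = field(default_factory=dict)        # record id -> {field: value}
    field_editors: dict = field(default_factory=dict)  # field -> users allowed to edit it
    live_filters: dict = field(default_factory=dict)   # user -> saved query (predicate)

    def set_field(self, user, rec_id, name, value):
        """Field-specific permission: only listed editors may change a restricted field."""
        editors = self.field_editors.get(name)
        if editors is not None and user not in editors:
            raise PermissionError(f"{user} is not an editor of {name!r}")
        self.records[rec_id][name] = value

    def visible(self, user):
        """The collection a user works in; the saved query is re-evaluated on every call."""
        flt = self.live_filters.get(user)
        return {rid: r for rid, r in self.records.items() if flt is None or flt(r)}

    def find_all(self, user):
        return sorted(self.visible(user))

    def search(self, user, predicate):
        # Every search is scoped to the filtered collection, not the whole catalog.
        return sorted(rid for rid, r in self.visible(user).items() if predicate(r))

def demo():
    cat = Catalog()
    cat.records = {  # constructed sample records
        "brochure.pdf": {"Type": "Press Release", READY: True},
        "prices.xlsx": {"Type": "Price List", READY: False},
        "launch.pdf": {"Type": "Press Release", READY: False},
    }
    cat.field_editors[READY] = {"manager"}                    # only the manager may tick it
    cat.live_filters["client"] = lambda r: r.get(READY) is True
    before = cat.find_all("client")
    try:                                                      # the client cannot widen her own view
        cat.set_field("client", "prices.xlsx", READY, True)
        denied = False
    except PermissionError:
        denied = True
    cat.set_field("manager", "launch.pdf", READY, True)       # approval changes visibility at once
    after = cat.find_all("client")
    press = cat.search("client", lambda r: r["Type"] == "Press Release")
    return before, denied, after, press

if __name__ == "__main__":
    print(demo())
```

The point of the model is that a Live Filter is only as trustworthy as the field it queries, so the controlling field needs its editors restricted.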
Note: Extended Permissions and Permissions Templates are included in Cumulus Enterprise edition.
Written by Antra Silova, Media Specialist and Linda Rouse, Information Manager.
___________________
Useful links
Comparison of Workgroup versus Enterprise blog post.
Roboflow datasheet (pdf).