Extended Permissions is a Cumulus add-on module that offers real-time permissions based on the business rules that you set. The permissions can change based on circumstances such as workflow approval processes, embargo and expiry dates, and other factors. It allows for the actual assets to have a permissions aspect that will determine how people can interact with the content.
This is implemented in either of two ways: either by assigning permissions to the assets themselves or by applying dynamic filters that control access based upon content characteristics.
What you can do with Extended Permissions:
As long as filtering is active, any further search operation – Quicksearch, Category Search, whatever – will only take into account the collection as defined by the filter criteria, not the whole catalog. Accordingly, the Find All Records command will only find records that match the filter criteria. An example is to create a checkbox metadata field called, “Ready for Client Approval.” Then create a Live Filter that finds only those files ready for approval. When the user logs in, she sees files ready for her approval, without any searching.
These enable administrators to determine who sees what on a particular asset or category. It allows a much more granular approach to asset access as you can hide asset records or categories from users who don’t need them ensuring asset security and metadata privacy. You can specify that user X can access specific types of documents like press releases for example, but not price lists.
For assigning individual permissions, a Permissions Template may be employed to grant individual permissions to multiple users/roles as defined in the template, granted to selected users one by one, or even automatically using built-in scheduler actions or the Roboflow (pdf) module.
This makes it possible to provide “private” metadata fields in your catalogs, such as “CIO Approved” or “Manager Approved” fields. Other users can see the fields if they have access to view sets that contain them – but only those listed as editors of the fields can make changes.
The primary value this feature offers is data integrity. If your catalog includes a “Manager Approved” field and that field is checked, you know for certain your manager has approved the asset. Because these fields can also serve as control mechanisms for Live Filtering, this enables managers in your group to enable or disable access to certain assets just by logging in (from anywhere) and changing a value.
Field specific permissions can restrict the editing of certain fields to only chosen individuals or roles. Administrators can define permissions for certain metadata fields, for example they could define that in general a certain user can only view assets but have limited access to edit certain metadata fields for which they are responsible, such as copyright or distribution.
This is a very powerful feature, especially in workflow and approval scenarios. You can combine several permissions to achieve your desired outcome.
Note: Extended Permissions and Permissions templates are included in Cumulus Enterprise edition.
Written by Antra Silova, Media Specialist and Linda Rouse, Information Manager.
___________________
Comparison of Workgroup versus Enterprise blog post.
Roboflow datasheet (pdf).