Skip to main content
Skip table of contents

Groups and Roles

ConfigPortal provide the flexibility to manage products' roles in AuthService and VidiCore role.

Assign Roles to User Group

Under the Groups and Roles Page, users are able to take all of the AD groups synchronized via the LDAP synch in the Identity Provider Page, and map these to the system.

This Page provides system administrators with a flexible means with which to map and label groups so that these can then be used in different functional areas. An example of this can be seen in the Restricting Workflows to Groups section. In order to map a new group, clicking the "+" option below the table will open the "Add a Mapped Group" window.

image-20241112-070502.png
image-20241112-062906.png

API

To create to new role. It can be achieve via ConfigPortal API

api/v2/RoleRightsMapping/Mapping

image-20241112-063120.png

Sample RoleRightsMapping Model

JSON 
{
  "Name": "VE_CUSTOM_ROLE",
  "Description": "Custom roles for VidiEditor users",
  "Scope": "VIDIEDITOR"
}

Property Name

Description

Is Required

Guid

The unique identity for the role. It shall be in format of GUID

True

Name

The name of the role will be returned as part of the user claims. The value of the role shall not be changed after it has been added. The name must have a 2-character prefix which representing the Product (eg, VE_ROLE, CP_ROLE) follow by an underscore before the actual role name.

It is recommended to use all UPPERCASE for the name for readability.

True

Description

This describes the purpose of the role and is used for display on the ConfigPortal Group & Role Assignment page.

True

Scope

This shall be the product name (e.g., ConfigPortal, VidiEditor, VidiCore) to indicate the product that this role will be used for.

True

Id

The Id of the role in authservice. The Id is auto generated by ConfigPortal and AuthService, and it is not required to provide by user.

False

VidicoreRoles

The set of VidiCore supported roles

https://vidispine.atlassian.net/wiki/x/FQC4k

False

ConfigPortalRoles

The set of ConfigPortal supported roles. This is used to extend the role to include customize ConfigPortal’s Roles for WebUI.

https://vidispine.atlassian.net/wiki/spaces/IDFVD/pages/3372646454/Roles+And+Rights#ConfigPortal-Roles

False

Product Roles

ConfigPortal WebUI Roles

To configure ConfigPortal Roles for WebUI.

Predefined Roles

ConfigPortal contains several predefined roles that can be directly use by default.

User need to have a least the CP_VIEWER right assigned to the user group in order to view product menu and navigate around ConfigPortla WebUI.

ConfigPortal Roles

Description

CP_ARVATO

Admin user for ConfigPortal.

CP_EDITOR

Usual Admins at customers side: People that can change parameters or add configurations in use case pages more easy to understand, configs that do not influence other configs.

CP_EXPERT

Partners or Customers with special training for advanced functionalities: Users that got special training by Arvato doing more advanced tasks for example staging of data or technical views of config hard to understand.

CP_VIEWER

Everybody who needs to look: People not allowed to change but might get a look to the

Customize ConfigPortal Roles

In the event where user would likes to customize a role in ConfigPortal to only allow very specific permission to a specific page. ConfigPortal’s administrator can create a new role via CP API Groups and Roles | API

After create the role, administrator can than assign the role to the specific user in Group & Role Assignment page in ConfigPortal WebUI.

Sample RoleRightsMapping Model with ConfigPortal Roles

JSON 
{
  "Name": "CP_CUSTOM_VIDEOUPLOADER",
  "Description": "Custom roles for users",
  "Scope": "ConfigPortal",
  "ConfigPortalRoles": [
    {
      "UseCaseDefinitionGuid": "8f26944e-6f31-4b09-bee0-844be71a4784",
      "Access": {
        "Read": true,
        "Write": true
      }
    },    
    {
      "UseCaseDefinitionGuid": "71a159a4-839e-4d36-8052-c1d5b6533be6",
      "Access": {
        "Read": true,
        "Write": true
      }
    }
  ]
}

Property Name

Description

Is Required

UseCaseDefinitionGuid

The identifier of the use case page

True

Access

To configure what is allowed to perform in the use case page

True

Access -> Read

True if login user shall able to view the page in the menu and can navigate to it

True

Access -> Write

True if login user can edit and delete the item in the page

True

The UseCaseDefinitionGuid can also be get from Setting → Notification (Actor Guid)

Adding ConfigPortalRoles to ConfigPortal Predefined Roles is not allowed.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close