Skip to main content
Skip table of contents

ACL Management [VE OG]

Access Control Lists (ACL) are a concept implemented in VidiCore. They can be used to control what access users and user groups have to various elements of the system. Within the scope of VidiEditor, this is relevant when it comes to an aspect of collaborative work where users share editing projects or media. VidiEditor allows one to control the ACLs for objects created by VidiEditor in different ways.

The following objects can be controlled using the VidiEditor:

  • VidiEditor projects

  • New items published by VidiEditor

  • Voice-over recordings created in VidiEditor

It depends on the configuration if and how the ACLs can be controlled by VidiEditor.

Default Behavior

By default, VidiEditor will not set any ACLs. New projects, publish items and voice-overs will be accessible to the owner of those objects. Only the one who creates those objects can access them via VidiCore. This can be overruled with VidiCore admin rights (see VidiCore documentation for further information: Access Control Lists).

Automatic Assignment Based on Rules

Typically, designing ACL structures can become complex depending on the company's user group design and workflows. Therefore it is possible to create rules in ConfigPortal that allow one to configure the system in a way where ACLs will be set automatically based on those rules. A VidiEditor user will not see any option in the GUI to control the ACLs, but the ACL will be set by VidiEditor as configured by the rule. It is possible to configure ACL management while hiding this from the user.

To do so go, to “ConfigPortal → Global Settings → ACL Rule” to create a new or edit an existing rule:

This will allow one to set a label for the rule as well as the rule itself. The rules are based on mapped groups (compare ConfigPortal Mapped Groups concept) that group user groups provided by an identity provider. The mapped groups can be seen here as a large group of users configured via the identity provider (e.g.: LDAP).

The overview in the above image already shows a setting displaying the:

  • Asset Creator Mapped Groups on the left-hand side. That is the mapped group(s) of users doing an interaction later on in the VidiEditor GUI.

  • Asset Visibility Mapped Groups on the right-hand side. That is the mapped group(s) of users getting access assigned when a user executes the interaction.

It can be controlled by the membership of those groups what user of a mapped group will grant access to other users when creating objects.

The mapped groups must have a VE_USER role when using this feature. If a user is part of multiple mapped groups with a different setting in the grid, it will be handled as a join so all related visibility groups will get an ACL assigned.

While those rules are global, they can be used for several use cases and applications. This also means they still must be assigned to the use case executed by the user. This can be done in the individual VidiEditor use case pages for the different scenarios as listed:

VidiEditor Projects

  • ConfigPortal → VidiEditor → Project → Create Project → Automatic Access for the Newly Created Project

New Items Published by VidiEditor

  • ConfigPortal → VidiEditor → Publish → Default Dialogue → Automatic Access for Published Items

    • ConfigPortal → VidiEditor → Publish → Group Specific Dialogue → Automatic Access for Published Items

Voice-over Recordings Created in VidiEditor

  • ConfigPortal → VidiEditor → Media→ Voice Over → Automatic Access for the Newly Created Voice-Over

In these pages, a dropdown allows one to select 1 rule that is valid for this use case. The image below offers an example of the default publish of a new item.

So this allows one to either set individual rules for the different use cases or to define one rule that is used in all those scenarios.

As a result, the ACLs will be assigned to the related user groups when the user executes the publish in VidiEditor while clicking the publish button. The user does not see information about this process in the GUI.

Manual Assignment Based on User Decision

Apart from the automatic assignment of ACLs based on rules, it is also possible to enable an option allowing a logged-in VidiEditor user to assign ACLs to users or user groups available in the system manually.

It is recommended to use the automatic assignment as it means it is easier to change the allowed user later on in the identity provider or the user to group mapping of to VidiCore.

This option must be enabled in: “ConfigPortal → VidiEditor → General → Settings → Manual Access Control”

By default, this option is turned off. If it is turned on it means that all VidiEditor users logged in to VidiEditor GUI can assign ACLs to groups and users for the following use cases:

  • VidiEditor projects

  • New Items published by VidiEditor

  • Voice-Over recordings created in VidiEditor

In the related dialogues, a GUI control is displayed that allows the user to set the accesses manually. An example is given in the image below for project creation:

As a result, the user can set and remove ACLs for users and groups while searching in the dropdown field. After confirming the dialog, the ACLs will be assigned.

In case of a combined usage of automatic and manual assignment of ACLs, both settings will be done and accumulated.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.