Apart from defining permissions on the permission profile level, you can set permissions for specific metaproperty options. In this way, you can decide, for example, to hide specific assets that have been tagged with the selected metaproperty options from users, who normally have the right to view, edit, and/or remove assets in their portal. You can also decide that specific users or user groups should not have the possibility to tag an asset with the selected metaproperty option when they edit or upload assets.
Legacy taxonomy instructions
-
Navigate to
Settings > Taxonomy > Metaproperties management.
- Either navigate or search for the metaproperty with the option that you'd like to set the permission on.
-
Click
next to the metaproperty to view the metaproperty options.
-
Click
next to the metaproperty option that you'd like to update the permissions for.
-
Select the security access options.
New taxonomy instructions
- Navigate to
- Either navigate or search for the metaproperty with the option that you'd like to set the permission for.
- Select the metaproperty, then either navigate or search for the metaproperty option.
- In the right sidebar, click Access rights.
- Select the security access options.
Are you not sure if with the metaproperty option level permissions that are in place users can view, edit, remove or audit assets? See the explanation and examples below for more information. Use the Asset Permission Viewer instead if you want to analyze the metaproperty option permissions on an asset level.
Assets can be tagged with multiple metaproperty options for which permissions are set up. To avoid conflicts and security concerns at all times the default portal configuration requires users to have all the necessary permissions in order to view the asset for which the various permissions have been set up.
For example, the asset below is tagged with the metaproperty options North America and Legal Access Level 5. For both options restrictions are in place. The user group North America - Designers is allowed to view assets tagged with the option North America, but is not allowed to see media tagged with the option Legal Access Level 5.
In this case there is a metaproperty option permission conflict and the Hide media from this option permission will not allow the user group to view the asset.
Do you have an asset tagged with multiple metaproperty options that belong to the same metaproperty with different access restrictions? In certain use cases you may prefer that when users don't have all the necessary permissions for each option they can still view the asset. We can configure the portal in a way that having only one out of all the necessary permissions is enough to perform the corresponding action. In the example below the user group Only Access To Europe would then be able to view the asset.
Note
The Hide media from this option overrules any other permission/restriction that is set for a different option within the same metaproperty, which means users won't be able to view, edit and remove the asset.
By default, assets tagged with hide by default metaproperty options and options with no access restrictions belonging to the same metaproperty are not visible to users. If you don't want this standard behavior the optional configuration can be a solution.
In the below example an asset is tagged with the Level 1 and No Restrictions options under the Access Level metaproperty. The Level 1 option is a hide by default metaproperty option. In the default setup this would mean that nobody can see this asset unless they are added as an exception to the Level 1 option. The No Restrictions option is not hidden by default. In the default setup having access to only one of the option determines that users cannot view the asset.
When the optional configuration is enabled the permission profiles, user groups and/or users who only have viewing rights for one of options can still view the asset. Additional configuration for the option(s) with no restrictions is necessary though otherwise the system cannot determine whether users should be able to view the asset or not. In the below example all users were given viewing rights for the No Restrictions option by enabling the Show media from this option right for all the available permission profiles.
Contact your Customer Success Manager if you would like to have this non-standard setup enabled for your portal or when you would like to double check which behaviour currently applies to your portal.
Note
-
This optional configuration only applies to metaproperty options that belong to the same metaproperty. All metaproperty options need to be set to Hide by default. Make sure to set up the necessary permissions in order to show the assets to the necessary permission profiles, user groups and/or users.
-
This optional configuration does not work when other hide by default options have specific restrictions in place. If in the above example the option Africa would have been hidden specifically for the Only Access To Europe user group, users still wouldn't be able to view the asset.
-
The optional configuration can only be used for the Show media from this option and cannot be used for the hide, edit, audit and remove options.
-
Make sure to first analyze your current metaproperty option permissions in order to avoid any security risks or data breaches.
Once this setting is enabled it will automatically apply to all assets. Depending on your metaproperty option permission setup, (sensitive) assets that were hidden to specific permissions profiles, user groups and/or users before can now become available to a larger user base.
Comments
0 comments
Article is closed for comments.