Groups allow you to organize permissions, roles and other attributes of Users into entities that are more easily administrable then against singular user records.
A user can belong to one or more groups, and a group can contain one or more users. A group can also inherit from one or more groups itself to create more complex hierarchies of roles.
Groups can be synchronized from external directory systems such as LDAP or Active Directory.
- Group Name
The name given to the group.
- Group Description
Description of the group.
- Parent groups
The current group will inherit roles and access rights from the parent groups that are chosen here.
- Child groups
The child groups will inherit roles and access rights from this group.
Individual permission entities that the group may or may not have.
Ingested media, collections and placeholders obtain permissions selected here when this group is used as Ingest or Collection profile.
- Transcode profiles
Media ingested by users in this group will be transcoded to profiles selected in this tab. Different profiles can be chosen for video, audio, and image formats. See Transcode Profiles for more information on creating transcode profiles.
- Export locations
Export locations that members of the group can use. See Export Locations for more information on creating export locations.
- Metadata Groups
The users within this group will be able to choose from the metadata groups that you apply to the group from here. It is important for the daily use of the system for a user to have access to at least one metadata group. Define which metadata-groups users are allowed access to by setting them here and putting users into the correct group.
Notification settings for this group.
Overrides Default Transfer settings like mountpoiunts and upload storage.
To add a group, go into the group listing page in Portal under the admin menu and choose “Add group”. Fill in the necessary information for creation of the group. You can then fill in the form and click “Save”. If you would like to add another group then click “Save and add another”.
Sub groups are created as above but will inherit from the groups submenu.
Updating and deleting groups¶
To update a group find the group record from list of groups within the system, from the admin menu choose groups, then change the attribute that you wish to modify and click “Save & Continue “.
Group names are read-only and can’t be changed.
To delete one or more groups go to the group listing page from the admin menu, select the group(s) that you wish to delete and click “Delete”. You will be asked to confirm the deletion.
Adding users to groups.¶
Users are added to groups by going into the user record and adding the group name to the list of groups that a user is in. This can also be in bulk from external directory systems.
Highlight the group that you wish to add or remove and click the arrows to move the groups between the two boxes.
Once you have chosen which group a user is in you can then choose whether that group is the default group for the user. The user will also have access to all the metadata-groups that the groups that they belong to have access to.
Transcode profiles have to be created in the admin transcode profile menu, then they can be applied to groups. This will automatically transcode media ingested by this group to the given transcode profiles.
Portal UI Roles¶
Portal Roles are at the core of Portal’s permission system. They provide a way to allow a user to only perform certain tasks. Based on the Portal Roles, each user is assigned the required Vidispine backend roles.
Portal Roles can only be assigned to Groups and apply to all users of that group. If the group you are editing inherits from another group it also inherits its Portal Roles. A user’s Portal Roles is the sum of all Portal Roles of the groups they are a member of.
The Portal Roles system has a tree-like structure, with the root nodes representing big parts of functionality. The deeper you go into the tree, the more detailed the affected functionality gets.
The Portal Roles represents actions in the user interface. Without a specific Portal Role, the corresponding action is disabled.
Note that the user both have to have the required access to an item as well as the required role to be able to perform an action. For example, a user has to have both WRITE access to an item and the role “Items Metadata Write” to be able to edit an items metadata.
The Administrator role is a special Portal Role. It will enable all other Portal Roles automatically, and will also add access to functionality that is admin exclusive, for example the System Settings or the Background Tasks overview.
Previously there was a configuration for VERSION_SUPPORT. Disabling VERSION_SUPPORT is now made via Roles.
You can also restrict users on a API level in portal. This means you can create users that cannot access the UI or portal, but still use the system.
When selecting Portal UI Roles the requested API Roles are selected automatically.
Custom Portal Roles¶
Portal includes the functionality to create and modify custom Portal Roles. Documentation and tests for this can be found in the help menu in Portal under headline REST API Reference.
Custom Roles cannot be part of Portal UI och API Roles and are handled separately.
Permission ACLs on the media ingested by this group can be added and removed from groups by using this tab.
The export locations that a user has access to can be defined from the list of export locations available in this view.
Here you set which Metadata Groups this group should have access to, including its default values.
Different groups can see different Notifications. Default the Notifications are turned off, it can be turned on here.
Different groups can have different transfer settings defined here.