Groups

_images/portal_groups.png

Overview of all registered groups in the system.

Groups allow you to organize permissions, roles and other attributes of Users into entities that are more easily administrable then against singular user records.

A user can belong to one or more groups, and a group can contain one or more users. A group can also inherit from one or more groups itself to create more complex hierarchies of roles.

Groups can be synchronized from external directory systems such as LDAP or Active Directory.

Group attributes.

_images/portal_group_add.png
Group Name

The name given to the group.

Group Description

Description of the group.

Parent groups

The current group will inherit roles and access rights from the parent groups that are chosen here.

Child groups

The child groups will inherit roles and access rights from this group.

Roles

Individual permission entities that the group may or may not have.

Permissions

Ingested media, collections and placeholders obtain permissions selected here when this group is used as Ingest or Collection profile.

Transcode profiles

Media ingested by users in this group will be transcoded to profiles selected in this tab. Different profiles can be chosen for video, audio, and image formats. See Transcode Profiles for more information on creating transcode profiles.

Export locations

Export locations that members of the group can use. See Export Locations for more information on creating export locations.

Metadata Groups

The users within this group will be able to choose from the metadata groups that you apply to the group from here. It is important for the daily use of the system for a user to have access to at least one metadata group. Define which metadata-groups users are allowed access to by setting them here and putting users into the correct group.

Notifications

Notification settings for this group.

Transfer

Overrides Default Transfer settings like mountpoiunts and upload storage.

Adding groups

To add a group, go into the group listing page in Cantemo under the admin menu and choose “Add group”. Fill in the necessary information for creation of the group. You can then fill in the form and click “Save”. If you would like to add another group then click “Save and add another”.

Create subgroups

Sub groups are created as above but will inherit from the groups submenu.

_images/portal_group_add.png

Sub groups are created as above but will inherit from the groups submenu.

Updating and deleting groups

To update a group find the group record from list of groups within the system, from the admin menu choose groups, then change the attribute that you wish to modify and click “Save & Continue “.

Note

Group names are read-only and can’t be changed.

To delete one or more groups go to the group listing page from the admin menu, select the group(s) that you wish to delete and click “Delete”. You will be asked to confirm the deletion.

Adding users to groups.

_images/portal_user-group.png

Add a user to group(s).

Users are added to groups by going into the user record and adding the group name to the list of groups that a user is in. This can also be in bulk from external directory systems.

Highlight the group that you wish to add or remove and click the arrows to move the groups between the two boxes.

Once you have chosen which group a user is in you can then choose whether that group is the default group for the user. The user will also have access to all the metadata-groups that the groups that they belong to have access to.

Transcode profiles

_images/portal_group-transcode_profiles.png

Define relevant transcode profiles for the media created by the group.

Transcode profiles have to be created in the admin transcode profile menu, then they can be applied to groups. This will automatically transcode media ingested by this group to the given transcode profiles.

Cantemo UI Roles

_images/portal_group-roles.png

The Cantemo Roles tree.

Cantemo Roles are at the core of Cantemo’s permission system. They provide a way to allow a user to only perform certain tasks. Based on the Cantemo Roles, each user is assigned the required Vidispine backend roles.

Cantemo Roles can only be assigned to Groups and apply to all users of that group. If the group you are editing inherits from another group it also inherits its Cantemo Roles. A user’s Cantemo Roles is the sum of all Cantemo Roles of the groups they are a member of.

The Cantemo Roles system has a tree-like structure, with the root nodes representing big parts of functionality. The deeper you go into the tree, the more detailed the affected functionality gets.

The Cantemo Roles represents actions in the user interface. Without a specific Cantemo Role, the corresponding action is disabled.

Note that the user both have to have the required access to an item as well as the required role to be able to perform an action. For example, a user has to have both WRITE access to an item and the role “Items Metadata Write” to be able to edit an items metadata.

The Administrator role is a special Cantemo Role. It will enable all other Cantemo Roles automatically, and will also add access to functionality that is admin exclusive, for example the System Settings or the Background Tasks overview.

Note

Previously there was a configuration for VERSION_SUPPORT. Disabling VERSION_SUPPORT is now made via Roles.

API Roles

You can also restrict users on a API level in portal. This means you can create users that cannot access the UI or portal, but still use the system.

When selecting Cantemo UI Roles the requested API Roles are selected automatically.

Custom Cantemo Roles

Cantemo includes the functionality to create and modify custom Cantemo Roles. Documentation and tests for this can be found in the help menu in Cantemo under headline REST API Reference.

Note

Custom Roles cannot be part of Cantemo UI och API Roles and are handled separately.

Permissions

_images/portal_group-permissions.png

Define relevant access rights for the media created by the group.

Permission ACLs on the media ingested by this group can be added and removed from groups by using this tab.

Export locations

_images/portal_group-export_location.png

Define relevant export locations for the group.

The export locations that a user has access to can be defined from the list of export locations available in this view.

Metadata

_images/portal_group-metadata.png

Define relevant Metadata groups for this usergroup

Here you set which Metadata Groups this group should have access to, including its default values.

Notifications

_images/portal_group-notifications.png

Define Notifications for this group

Different groups can see different Notifications. Default the Notifications are turned off, it can be turned on here.

Transfer

_images/portal_group-transfer.png

Override Default Transfer settings for this group

Different groups can have different transfer settings defined here.