One of the key roles as an administrator is managing your user groups and their permissions. These groups determine which assets you have access to and what functionality is available to you in terms of uploading, downloading, etc.
The most important thing to consider when configuring your groups is the Folder Permissions section. This page allows you to control which folders the members of this group have permission to see, download, edit, and upload. You can also delegate approval permissions to certain groups on a folder-by-folder basis.
Asset Bank has two system default groups which serve as a baseline for your permissions:
- *Logged-in users - Any user that logs into the application falls into this group, regardless of any other additional groups they may be part of.
- *Public - Any user of the site, regardless of whether they are logged in, is a member of this group. This means that any user which has logged in will be part of both the *Public group and the *Logged-in users group.
These default groups cannot be deleted but can be renamed to better suit your organisation. It is possible to reorder groups in the list which will affect the way they are displayed on different areas of the system.
Adding new groups
Click 'Add a group' to add a new group. This will take you to the Add Group page where you can specify the properties of your new group.
- Name (required field) - the name of your new group.
- Description - a short description of your new group (displayed when setting permissions).
- Maximum downloads - specify how many downloads users within this group are allowed per a certain period (leave this blank or set to 0 for unlimited daily/hourly downloads). Please note: For users who belong in multiple groups, the most permissive restrictions will apply.
- Max download height/width - specify the maximum height/width of an image that users in this group are allowed to download (leave blank for unlimited).
- Users can email assets - if ticked, users in this group will get the option to send assets as an email when downloading.
- Users can view larger size - if ticked, users will see the 'view larger size' link when viewing the detail page of an image.
- Users can publish their lightbox - if lightbox publishing is enabled on the Asset Bank then this tick box allows you to control whether a user can publish their lightbox.
- Editors can only edit their own files -if ticked, users with edit permissions are restricted to only editing assets that they have uploaded to the system themselves.
- Users can export assets: if ticked, users in this group have permission to export assets and their metadata.
- Users can select group on registration - if ticked, this group will be displayed on the registration page for users to select it. If users are manually approved then the admin user can choose whether to allow them to join the requested group(s) or not. If user approval is disabled then users will automatically become a member of the selected group(s).
- IP Mappings - if you enter one or more IP addresses in here then any user accessing the system who is coming from one of these IP addresses will automatically inherit the permissions of this group without having to log in. A common use for this is specifying your own companys IP address so that your employees will have the same permissions and access to the same assets of, say, the *Logged-in Users group without having to actually log in.
- URL Mappings - if you enter a URL mapping a special link can be used to automatically give users the permissions of the group without having to log in. Please see the knowledge base article: Assigning users the permissions of a group using a URL for instructions to enable this functionality and for further information on using it.
- Homepage - Custom content pages or custom internal links (i.e. to pages within Asset Bank) which are added via Admin -> Content -> Menu Items will appear in this drop down. Users who are members of that group will be redirected to the selected page on login instead of the default Asset Bank homepage. Leave this as 'Default' if you want the uses to be directed to the standard Asset Bank homepage.
- Remote Group(s) - If your Asset Bank is configured to integrate with SAML SSO or an LDAP server then you can enter the "remote group" names or DN (Distinguished Name) of an LDAP group. When a new user is added to Asset Bank from the SAML Identity Provider or the LDAP server then, if that user is a member of a remote group that is specified in one of Asset Bank's groups then the user will be added to the Asset Bank group automatically.
Groups can be imported via a tab-delimited file. This functionality can be accessed via the Import groups link at the bottom of the Groups page in the Admin section. This page contains instructions on how to use the import functionality.
Once you have added the new group it will show in the list of groups for you to change other settings. Alongside it will be a list of possible actions you can perform:
- Edit - rename the group or change some of its basic settings (as described above).
- Folder Permissions - configure folder permissions for this group.
- Categories - specify what categories users can edit.
- Attribute Visibility - control which attributes are visible for users in the current group.
- Attribute Exclusions - exclude access to assets depending on their attributes.
- Filter Exclusions - exclude certain filters from being accessible for users in the group.
- Usage Exclusions - select usage types that will not be visible to users in this group.
- Asset Type Visibility - control which asset types users are able to upload to.
- Workflows - control the workflow states that approval groups can approve assets at.