Skip to main content
MediaBeacon University

Permission Restrictions List

A comprehensive guide to Permission Restriction functionality.

The Permission Restriction field is a multivalue field in each ACL that lists a set of "tags". Each of these define set of functionality that suppressed by inclusion on this field.

The "Add All" button will add all permission restrictions to the list, and the "Clear" button removes all permission restrictions.

When a permission restriction is added to an ACL it PREVENTS a user from using a particular functionality.

  • Add Annotations: Prevents the user from adding or deleting items in the Discussions metaform tabin the Asset View. Note: If the View Annotations permission restriction is enabled, the Discussions tab is not visible, preventing the user from adding discussion items, making this permission restriction redundant in that case.
  • Add Placeholders: Prevents the user from creating data-only assets. If the File Action permission restriction is enabled, the user will not be able to create placeholder assets, making making this permission restriction redundant in that case.
  • Administer Bundles: Prevents the user from creating and editing bundle status. Users will still be able to edit metadata in bundles (even bundle fields) if given access to those fields. This is considered an Admin privilege, and the Configure Widgets permission restriction should be set for most users.
  • Administer Dictionaries: Prevents the user from creating, editing, or deleting dictionaries. This is considered an Admin privilege, and the Configure Widgets permission restriction should be set for most users. Note that when a user can administer dictionaries, they can do so for all dictionaries in the system.
  • Allow Quick Download: Prevents the user from using the Quick Download feature .
  • Note: If the Download Hi-Res permission is enabled, Allow Quick Download is redundant.
  • Archive / Restore: This permission restriction is deprecated, and has no function.
  • Change Password: Prevents users that have local accounts from changing their passwords, contact info, and email settings.
  • Check Out: Prevents the user from using the Check Out functionality.
  • Check Out Admin: Prevents Global Administrators from using the "Check In" and "Cancel Check Out" commands and downloading checked out assets.
  • Configure Widgets: Prevents the user from accessing component's configuration panel. This is considered an Admin privilege, and the Configure Widgets permission restriction should be set for most users.
  • Contact Sheet: Prevents the user from creating contact sheets.
  • Content Pools Filter: This permission restriction is deprecated, and has no function.
  • Custom Download: Prevents the display of the "Custom" tab in the Conversions dialog. If the Download Hi-Res permission restriction is enabled, the user will not be able to use Custom Download, making making this permission restriction redundant in that case.
  • Delete Access: Prevents the user from using the Delete command.If the File Action permission restriction is enabled, the user will not be able to use the Delete Command, making making this permission restriction redundant in that case.
  • Download Hi-Res: Prevents the user from download non-converted original) files. In addition it also:
    • Prevents use of the Quick Download function.
    • Prevents use of the Custom Download tab.
    • Prevents use of the View Original command.
    • Prevents attaching assets to Email.
    • Makes redundant the Allow Quick Download and Custom Download permission restrictions
  • Edit Metadata: Prevents the user from editing any metadata. This permission restriction ignores field and group Edit Level settings. Note the following caveats:
    • Non-directly editable metadata will still be changed if the user performs other actions, such as uploading a new file. MediaBeacon will add any metadata that is included in the file, as well as metadata such as file size and Modification Time.
    • Does not recapitulate the Change Password permission restriction.
  • Enable Contextual Menus: Prevents the user from accessing contextual menus. Note that a Global Administrator user will always be able to access the Admin Mode via a contextual menu.
    • When this permission restriction is used, the following commands will be unavailable. Commands that may be accessed elsewhere in the interface are marked with an asterisk (*).
      • Open in New Window
      • Copy Link
      • Quick Download (also available in asset upper-right pulldown buttons)
      • Download*
      • Selection (The main selection menu
      • Add to Cart (Drag, Menubar > Selection > Add to Cart
      • Pinpoint Text*
      • View Original*
      • Replace
      • Crop
      • E-mail*
      • History (also available in the Menubar > Manage menu, if user has access)
      • Check Out, Check In, Cancel Check Out
      • New Version
      • Views
  • File Action: Prevents the use of the Move, Copy or Delete commands. Also prevents renaming assets, creating data-only assets, and hides the Create Menu .
  • This permission restriction makes redundant the Add Placeholder, Delete Access, Rename Asset permission restrictions.
  • File Upload: Prevents the user from uploading new assets to MediaBeacon. This does not restrict the Import, Replace, Check Out, or Versioning functions.
  • Folder Action: Prevents the user from using various commands on folders. The following commands in the Directory Browser and Places Tree Directory Place contextual menus are disabled.
    • New
    • Rename
    • Delete
    • Move/Copy
    • Duplicate Folder
  • Generate External Links: Prevents the user from using the External Links command in either the Create or folder contextual menus. Note: This function may or may not be considered an Admin function, and as it allows access to assets without login or authentication, care should be given in determining which users can use External Links.
  • Import Assets: Prevents users from using the Import command on assets or folders. This is considered an Admin privilege, and the Configure Widgets permission restriction should be set for most users.
  • Link Assets: Prevents the use of the Link Assets functionality. Note that this is a wholly different function from External Links.
  • Manage Workspaces: Prevents the user from changing workspace settings, as well as adding / removing components, rearranging workspace tab order, setting workspace tab names, and changing the the layout their workspaces.This is considered an Admin privilege, and the Configure Widgets permission restriction should be set for most users.
  • Maximize/Minimize Widgets: This permission restriction is deprecated, and has no function.
  • Rename Assets: Prevents the user from renaming assets . This permission is redundant when the File Action permission restriction is enabled.
  • Replace Assets: Prevents the the use of the Replace functionality.
  • RSS: Allows the Global Administrators to have access to the following RSS functionalities:
    • Manage > "Feeds"
    • Directory Browser "Create RSS Feed" and "Attach RSS Feed"
  • Send E-mail: Prevents the use of email-related functions:
  • Trigger Workflow: Prevents a user's actions from triggering custom workflows. Visual Workflows (VWFE) and Advanced Workflows require this privilege to be unrestricted to operate in a given ACL.
  • Upload Anywhere: Prevents uploading to any directory other than the standard directory. For more information on this concept, see the [???] section.
  • Version: Prevents the use of the Versions functionality. This permission restriction has no bearing on the Check Out functionality, which also creates versions in MediaBeacon.
  • Video Original: Prevents access to the original video file as opposed to renditions with lower frame rates, more compact formats, etc.
  • View Annotations: Prevents display of the Discussions metaform tab. When this permission restriction is enabled, the Add Annotations permission restriction becomes redundant. Global Administrator users may always use this function, regardless of setting.
  • View Global Asset Log: Prevents users from accessing the History command.
  • Was this article helpful?