Skip to main content
MediaBeacon University

ACL Configuration

Configuration of Access Control Lists in the Group Permissions area.

Group Permissions (ACL)

The Permissions button under the “Groups” tab will take you to the next screen that allows you to assign permissions to groups of users. This is an extensive section which is covered in ACLs.

Create New ACL (Access Control List)


This button allows you to add multiple root browse folders to a user’s profile. Each pointer can be configured to have a separate set of privileges with different SQL statements in each (“Where” clause). This functionality allows you to have users log in to the same database but see and access different parts of it as determined by their permission sets. Adding a new pointer does not require you to rebuild the database or restart the server.

Users will be able to select a subdirectory from available list upon login and switch between subdirectories as they use the system later on.


Saving Changes to an ACL

To apply current changes, click the Done button in the current ACL panel being edited and then the Save button. Clicking Save first will result in ACL changes being lost.

The Cancel button will return the user to the groups list without making any of the changes permanent.

Root Path (Root Browse Folder)

This feature is used by the MediaBeacon administrator to set home (root) directories that users are allowed to access. All sub-directories of that directory are available to the users unless the Where field is used as a filter.

In general, MediaBeacon administrators can create an arbitrary number of ACLs, each of which can have their own root directory and unique set of permissions. However, a given ACL can only have one root directory with one set of permissions. Multiple sets of permissions require multiple ACLs.

If root browse folders are duplicated in the group and end user profile, group permissions (privileges) will override user permissions. In other words, group permissions will act as a filter on top of end user permissions.

ACL Icon

This allows you to set a custom icon for the ACL, which will appear in widgets and the ACL dropdown menu.

ACL Name / Description

ACL Name and ACL Description allow you to specify display names for a given ACL.

Upload M3TAForm

Available M3TAForms can be assigned to user groups, so they are available for tagging during the upload process. To add new M3TAForms to this list, place them in the [m-userinfo/m-xmpr] folder.

This method of assigning upload metaforms requires an external .XMPR file. MediaBeacon does not create these files, and using Upload Metaform assigment on the workspace or widget level is reccommended.



The Inherit checkbox will enable ACL inheritance in cases when users belong to multiple groups with different priorities. If (a) more than one ACL is defined for a user through group membership and if (b) these ACLs have the Inherit checkbox checked and if (c) these ACLs point to the same directory, then the Inherit button ensures that the ACLs are merged into a single master ACL and the permissions are inherited from the group with the highest priority. (Note: Priority 2 will be considered higher than Priority 1).

It is considered best practice to leave the Inherit checkbox off.



All group privileges can have No change, Yes or No values.

  • Yes: entire group will be given current privilege.
  • No: current privilege will not be available to the end users even if their user profile shows it as enabled.
  • No change: In older versions of MediaBeacon, this setting would cause the privilege to inherit it's setting from the User Account's ACL privileges will be applied. In MediaBeacon 8.x, User Accounts do not have individual ACLs, so this setting is equivalent to "No".

Description of Privilege Settings


Some privileges' "Yes" setting are overridden by other privileges being set to "No". These will be listed below when applicable.


Some privileges are deprecated and are non functional, these will be notes when applicable.

  • Add Annotations: Allows the user to add or delete items in the Discussions metaform tab, visible in the Asset View.
    • Overridden by View Annotations.
  • Add Placeholders: Allows the user to create new placeholder assets on the MediaBeacon server.
    • Overridden by File Action.
  • Add/Remove Widgets: Allows users to add and remove widgets in their workspaces. Also allows users to rearrange workspace tabs.
  • Add/Remove Workspaces: Allows users an ability to create or delete workspaces for their own use.
  • Administer Bundles: Allows users to create and edit bundles. For a full discussion of bundle functionality, see the Bundles section.
  • Administer Dictionaries: Allows user to edit all dictionaries.
  • Administer M4sterPlan: Allow users to make administrative changes to M4sterPlan. Has no effect if M4sterPlan is not installed.
  • Allow Quick Download: Allows users to perform Quick Downloads, which bypass the Loading Dock and download the original asset directly.
    • Overridden by Download Hi-Res.
  • Archive / Restore: Allows use of the Archive / Restore widget.
    • ​​​​​​Deprecated in MediaBeacon 5.2+.
  • Change Password: Allows users that have Local accounts to change their passwords, address, and email settings.
  • Check Out: Allows users to use the checkout functionality via the Contextual Menu.
  • Check Out Admin: Allows Global Administrators the ability to use "Check In" and "Cancel Check Out" and to download any checked out asset.any checked out
  • Configure Widgets: Allows users to adjust widget properties.
  • Contact Sheet: Allows users to create contact sheets.
  • Create and Share External Links: Allows users to share a link to a directory for download, to external to MediaBeacon sources.
  • Create Version: Allows users to create versions of assets.
  • Custom Download: Allows the user to see the “Custom” tab in the Conversions dialog.
    • Overridden by Download Hi-Res.
  • Delete Access: Allows the user to permanently delete assets from MediaBeacon.
    • Overridden by File Action.
  • Desktop Drag-and-Drop: Allows users to drag-and-drop assets to the desktop from the browser. In MediaBeacon 8.6, this makes use of the M4sterPlan functionality, and will not be functional if M4sterPlan is not installed.
  • Directory Browser: Allows users to see the Directory Browser.
    • This permission is deprecated. Visibilty of the Directory Browser is not affected.
  • Displays Global Keywords: Enables display of the “Frequently Used Keywords” spin down panel in the Keyword Search Widget and in the Advanced Search Dialog’s Keyword Search tab.
  • Download FPO: Allows the user to download the low-res (FPO) version of an asset. Supported file types are JPEG, TIFF, PDF, and EPS.
    • Deprecated.
  • Download Hi-Res: Allows the user to download the hi-res (original) files.
    • Overrides:
      • Allow Quick Download
      • Custom Download
  • Edit Metadata: Allows the user to edit metadata.
    • Overrides the ACL's Group's "Edit" Setting.
  • Enable Contextual Menus: Contextual menus appear when a user right clicks. Enabling them allows the user to select from various options within the menu.
    • "No" Overrides: The user will have no access to the following Contextual Menu Commands. Commands that may be accessed elsewhere in the interface are marked with an asterisk (*).
      • Check Out
      • Copy Link to Asset
      • Crop
      • Download*
      • Drag and Drop
      • E-mail*
      • Find Like Assets*
      • History*
      • New Version
      • Open in New Window
      • Pinpoint Text*
      • Quick Download*
      • Replace
      • Selection*
      • View Original*
      • Views
    • Global Administrator users may always use these functions, regardless of setting.
  • File Action: Allows the user to Move, Copy or Delete assets.
    • "No" Overrides:
      • Add Placeholder (Data Assets)
      • Delete Access
      • Rename Assets
  • File Upload: Allows the user to upload assets through a web browser.
    • Overrides
  • Folder Action: Allows the user to access the following commands in the Directory Browser and Places Tree Directory Place Contextual Menus:
    • "Yes" Setting Allows:
      • New
      • Rename
      • Delete
      • Move/Copy
      • Duplicate Folder
      • Import
    • "No" Overrides: RSS Feed create and Attach RSS Feed
  • FTP Delivery: Allows users to send assets via FTP from the Loading Dock Status widget.
  • Import Assets: Allows users to import assets or folders and regenerate web previews.
  • Link Assets: Allows users to link assets, either individually or a whole selection of assets.
  • Maximize/Minimize Widgets: This option allows users to maximize or minimize individual widgets.
    • In 8.6 this functionality is only seen while in Admin Mode.
  • Move Widgets: Allows users to rearrange widgets within their workspace.
  • Rename Assets: Allows the user to rename assets on the MediaBeacon server.
  • Replace Assets: Allows the use of the Replace functionality.
  • RSS: This privilege allows the Global Administrators to have access to the following RSS functionalities:
    • Manage > "Feeds"
    • Directory Browser "Create RSS Feed" and "Attach RSS Feed"
  • Send E-mail: Allows users to use MediaBeacon functions that involve sending e-mail.
  • Trigger Workflow: Allows users to trigger workflows. Visual Workflows (VWFE) and Advanced Workflows require this privilege to be enabled to operate in a given ACL.
  • Upload Anywhere: Allows the user to upload to any location within the current ACL's Root Folder. If set to "No", the user will only be allowed to upload to the Standard Directory (<rootpath>/upload/<username>/<timestamp>/).
  • Video Original: Allows access to the original video (as opposed to renditions with lower frame rates, more compact formats, etc.)
  • View Annotations: Allows the user to view items in Discussions.
    • Overrides Add Annotations
    • Global Administrator users may always use this function, regardless of setting.
  • View Global Asset Log: Allows user to view the History for individual assets.

M3TAForm Tabs

M3TAForm Tabs section allows MediaBeacon administrators to assign individual data blocks to groups of users. Groups of users will only see data schemas that have check boxes next to them in this interface. This allows administrators to add another layer of security to sensitive internal or customer data.

All group M3TAForms Tabs can have Hide, Auto or Color values.

  • Hide – makes the M3TAForms invisible
  • Auto – automatic color assignment to M3TAForms tabs
  • Blue, Orange, Teal, Purple, Green – color options for M3TAForms tabs
    • These settings are equivalent to "Auto". They do not effect any interface changes.


Search Filter

This allows the MediaBeacon administrator to add a required search filter to the ACL. Only assets that meet these criteria will be shown to users in this particular ACL. Options listed in the Search Filter drop down are generated based on the saved searches within the Advanced Search section of the MediaBeacon web interface.




The chat option allows you to select which groups and users within those groups will be able to chat between themselves.

Chat also controls which groups/users someone can share selections with from a given ACL.

All users are chattable allows group members to chat with all users in the system. It also allows them to share saved selections with all other groups and users in the system.

Use dock mode for chat displays chat functionality as a pop-open tab in the lower right-hand corner of the workspace instead of using the Chat widget.


This displays the workspaces that are available for a given ACL. They can be removed from the ACL by clicking the red “X.” Please see the Widget Manual for a discussion of adding and removing workspaces via the web interface.

Javascript on Download

This option will execute a given Javascript file on download. To make Javascript files available in this menu, put them in[Asset Repository]/m-layouts. The Javascript will also execute for external links.

This feature is more easily implemented on the workspace and widget levels

Hide ACL from Display

This option will prevent the ACL from appearing in widgets or the ACL dropdown menu.

  • Was this article helpful?