Setting archive access and permissions
This topic deals with the various access permissions you can assign to an archive using the access list and how permissions are applied.
To find the archive access list:
- From the Tools menu (cogwheel icon), go to Site Configuration > Archives.
- Open the properties of the archive in question.
- Navigate to the Access list tab.
Using the access list to control user and group access to archives
Access lists in FotoWeb are evaluated from the top to bottom. If you add groups to the access lists (recommended), it is important to move the most specific groups to the top and the least specific groups, often those with the most members, to the bottom of the list. That way, if a user is a member of two groups that are both granted access to the archive, their exact access permissions will be determined by the permissions set on the highest-listed group.
For each entry in the access list, a set of permissions can be assigned, as can an autosearch filter. The autosearch filter in the access list is applied together with the autosearch filter on the archive itself, if any.
Note: Entries in the access list are never combined. For each user trying to access the archive, FotoWeb determines a single entry in the access list, and only the permissions and autosearch filter from that entry are applied.
What are the 'Registered users' and 'Everyone' groups?
- The Registered users group contains all users with a user account (username and password) on the system.
- The Everyone group includes all registered users plus unauthenticated guests.
These two groups are always listed at the bottom of the archive access lists.
An entry in the access list is assigned permissions according to the following rules:
- The access list is evaluated from top to bottom.
- If there is an entry for the user, that entry will be used.
- Otherwise, if there are one or more entries for groups of which the user is a member, then the topmost entry in the access list will be used. The group hierarchy does not matter.
- Otherwise, if there is a Registered users entry and the user is not a guest, that entry is used.
- Otherwise, if there is an Everyone entry, then that entry is used.
- Otherwise, the user does not have access to the archive.
What the archive permissions mean
| Browse | The user can open the archive and view thumbnails. They can select a thumbnail to preview the asset and see asset metadata, but they cannot edit the asset. |
| Quick Rend |
You can download a preview in the size(s) defined by the FotoWeb administrator. |
| Zoom |
The user has access to the Zoom tool in FotoWeb and FotoWeb Pro. For more information on which file formats support the zoom feature, see Which file formats support high-resolution zooming in FotoWeb? Note:
|
| Workflow | Enables the user or group to use Actions and Markers in this archive. The actual Actions and Markers that are shown in the archive depend on permissions set on each action and marker. |
| Duplicate | Gives the user the right to duplicate files in the archive. |
| Download | Gives the user access to download files from the archive |
| Order | Lets the user send files to the shopping cart for further processing and delivery. |
| Edit Text | Grants the user rights to edit the files' metadata. The choice of editor and quicklists is made by the system administrator. |
| Rotate | Gives the user the right to rotate pictures in the archive. |
| Copy to |
Gives the user the right to copy to this archive from another archive This permission also gives the user/group the possibility to duplicate assets in the archive. |
| Move to | Gives the user the right to move to this archive from another archive. |
| Copy from | Gives the user the right to copy files from this archive to another archive. |
| Move from | Gives the user rights to move files from this archive to another archive. |
| Rename | Lets the user rename files in the archive. |
| Delete | Allows the user to delete files in the archive. Depending on how FotoWeb has been configured, deleted files will be permanently deleted immediately, or they may simply be moved to another folder. |
| Alerts | Allows the user to set up alerts based on events in this archive. |
| Re-transcode | Allows the user to forcibly restart transcoding of a video file. |
| Edit SmartFolders | Allows the user to create archive navigation with the help of SmartFolders. |
| Crop & Download | Allows the user to crop the selected image assets and download them. |
| Export | Required to allow the user to export pictures to a CMS system using FotoWeb CMS Export. |
| Comment | Allows the user to comment on the archive or individual assets in the archive. |
| Annotate | Allows the user to create annotations on the assets in the archive. |
| View revisions | Allows the user to view asset revisions and create duplicates based on a revision. |
| Restore revisions | Allows the user to restore a previous revision, making it the most current one. |
| Manage revisions | Allows the user to delete asset revisions. |
For information about Consent Management permissions, see Access list.
For information about Version Control permissions, see Configuring user access to revisions.
FotoWeb Desktop permissions
When the user is granted any of the permissions below, they will be prompted to install FotoWeb Desktop the next time they log in to FotoWeb.
- Edit - Lets the user check out files from the archive and edit them in the FotoWeb Desktop Image Editor. The file will be automatically checked back in after editing, and the original file is overwritten.
- Open - Lets the user check out files from the archive for editing in a local application. When users have finished modifying the asset, they can check it back into the system using the FotoWeb Desktop tray icon for checked-out files.
Note: Edit and Open operations don't lock the original file for editing by other users. As such, another user can check out a duplicate of the file and potentially overwrite someone else's changes.
Note: Users of the FotoWeb Desktop Extension for Adobe Creative Suite require Open permissions on the archive to be able to check out files in Photoshop and Illustrator, edit them, and check them back in. A file that is opened in Photoshop or Illustrator is effectively checked out from the server and downloaded locally. When the user saves and closes the file, it will be uploaded to the server and checked back in (unlocked). A user can also save a local copy of the file with a different name, in which case they can upload that file to FotoWeb by triggering the FotoWeb Desktop Uploader from within the CS Extension. In this case, it's the Upload permission (see below) that determines to which archives they are allowed to upload new files.
Crop - Lets the user check out files from the archive and crop them in the FotoWeb Desktop Crop module. You can set up archive-specific crop profiles to control preset measurements, and the type of crop users are allowed to use.
Place - Required for users to be able to use any FotoWeb Desktop plugins and to place files on a slide/page/layout in Office and InDesign.
Upload - Allow upload to this archive. Users can upload files to the archive using:
- the FotoWeb Desktop uploader for Mac and Windows
- FotoWeb apps for Android, iPhone, or iPad
- the selection widget for CMS integrations
- the web interface upload from the main FotoWeb interface.
Users who create new files in Photoshop or Illustrator also need Upload permissions to be able to upload the files to the archive using the Creative Suite Extension. (In practice, the extension triggers the FotoWeb Desktop Uploader tool when the user initiates an upload.)
Permissions that relate to FotoWeb Desktop for iOS
To be allowed to search and preview content in archives from FotoWeb Desktop for iPhone, the following rights must be enabled:
Browse - Allows you to search and view the archive grid on the iPhone and open a larger preview by tapping a thumbnail in the grid.
Zoom - Lets you zoom in on the high-resolution image. Although you can zoom by pinching the iPhone screen, doing so will not give you a higher-quality picture than what's available in the Preview.
Upload - Required only if the users should be allowed upload access to the archive.
Autosearch Filter
The autosearch filter in the access list can be used to fine-tune the content that different users and groups see when accessing the archive.
Note: The auto search filter does not allow access control on individual assets (permalinks). In other words, auto search is not a security function, it is a search and browse filter to show users certain parts of an archive. For more information, see Adding search filters to an archive.