This topic deals with the various access permissions you can assign to an archive using the access list and how permissions are applied.
Using the access list to control user and group access to archives
Access lists in FotoWeb are evaluated from the top to bottom. If you add groups to the access lists (recommended), it is important to move the most specific groups to the top and the least specific groups, often those with the most members, to the bottom. That way, if a user is a member of two groups that are both granted access to the archive, their exact access permissions are determined by the permissions set on the highest-listed group.
A set of permissions can be assigned for each entry in the access list, as can an auto-search filter. The auto-search filter in the access list is applied together with the auto-search filter on the archive, if any.
Note: Entries in the access list are never combined. For each user trying to access the archive, FotoWeb determines one single entry in the access list, and only the permissions and auto-search filter from that entry are applied.
What are the Registered users and Everyone groups?
Registered users is a group that contains all users with a user account (username and password) on the system. The Everyone group includes all registered users plus unauthenticated guests. These two groups will always be listed at the bottom of the archive access lists.
An entry in the access list is assigned permissions according to the following rules:
- The access list is evaluated from top to bottom.
- If there is an entry for the user, that entry will be used.
- Otherwise, if there are one or more entries for groups of which the user is a member, then the topmost entry in the access list will be used. The group hierarchy does not matter.
- Otherwise, if there is a Registered Users entry, and the user is not a guest, that entry is used.
- Otherwise, if there is an Everyone entry, then that entry is used.
- Otherwise, the user does not have access to the archive.
Setting archive access and permissions
- From the Tools menu (cogwheel icon), go to Site Configuration > Archives.
- Select an archive and select Set access list, or select Edit and open the Access list tab.
What the archive permissions mean
|Browse||The user can open the archive and view thumbnails. By clicking a thumbnail, they can preview the asset and see asset metadata but not edit it.|
The user can download a preview in the size(s) defined by the FotoWeb administrator.
The user can access the Zoom tool in FotoWeb and FotoWeb Pro to zoom in on the full-size image.
Note the following about the Zoom permission:
|Workflow||Enables the user or group to use Actions and Markers in this archive. The actual Actions and Markers shown in the archive depend on permissions set on each action and marker.|
|Download||Gives the user access to download files from the archive|
|Duplicate||Gives the user the right to duplicate files in the archive.|
|Order||Lets the user send files to the shopping cart for further processing and delivery|
|Edit Text||Grants the user rights to edit the files' metadata. The choice of editor and quicklists is made by the system administrator.|
|Rotate||Gives the user the right to rotate pictures in the archive.|
Gives the user the right to copy to this archive from another archive
This permission also allows the user/group to duplicate assets in the archive.
|Move to||Gives the user rights to move to this archive from another archive.|
|Copy from||Gives the user the right to copy files from this archive to another archive.|
|Move from||Gives the user the right to move files from this archive to another archive.|
|Rename||Lets the user rename files in the archive.|
|Delete||Lets the user delete files in the archive. Depending on how FotoWeb has been configured, deleted files might be permanently deleted immediately or they may be moved to another folder.|
|Alerts||Lets the user set up alerts based on events in this archive.|
|Re-transcode||Allows a user to forcibly restart transcoding of a video file.|
|Edit SmartFolder||Lets a user create archive navigation with the help of SmartFolders.|
|Crop & Download||Allows a user to crop the selected image assets and download them. Only available to Plus and Pro licensed users.|
|Export||Required to allow users to export pictures to a CMS system using FotoWeb CMS Export.|
|Comment||Allows users to comment on the archive or individual assets in the archive.|
|Annotate||Allows users to create annotations on the assets in the archive.|
For information about Consent Management permissions, see Access list.
For information about Version Control permissions, see Configuring user access to revisions.
Tip: It's also possible to set common permissions for a whole selection of archives.
FotoWeb Desktop permissions
When a user is granted any of the following permissions, they will be prompted to install FotoWeb Desktop the next time they log in to FotoWeb.
Edit - The user can check out files from the archive and edit them in the FotoWeb Desktop Image Editor. The file will be automatically checked back in after editing, and the original file is overwritten.
Open - The user can check out files from the archive for editing in a local application. When the user has finished modifying the asset, they can check it back into the system using the FotoWeb Desktop tray icon for checked-out files.
Note: Edit and Open operations don't lock the original file for editing by other users. Therefore, another user can check out a duplicate of the file and potentially overwrite someone else's changes.
Note: Users of the FotoWeb Desktop Extension for Adobe Creative Suite require Open permissions on the archive to be able to check out files in Photoshop and Illustrator, edit them, and check them back in. A file that is opened in Photoshop or Illustrator is effectively checked out from the server and downloaded locally. When the user saves and closes the file, it will be uploaded to the server and checked back in (unlocked). A user can also save a local copy of the file with a different name, in which case they can upload that file to FotoWeb by triggering the FotoWeb Desktop Uploader from within the CS Extension. In this case, it's the Upload permission (see below) that controls which archives the user is allowed to upload new files to.
Crop - The user can check out files from the archive and crop them in the FotoWeb Desktop Crop module. You can set up archive-specific crop profiles to control preset measurements, and the type of crop users are allowed to use.
Place - Required for users to use any FotoWeb Desktop plugins and place files on a slide/page/layout in Office and InDesign.
Upload - Allow upload to this archive. Users can upload files to the archive using the FotoWeb Desktop uploader for Mac and Windows, the FotoWare Mobile app, the selection widget for CMS integrations, or the web interface upload from the main FotoWeb interface.
Users who create new files in Photoshop or Illustrator also need upload permissions to be able to upload the files to the archive using the Creative Suite Extension (in practice, the extension will trigger the FotoWeb Desktop Uploader tool when the user initiates an upload).
Permissions that relate to FotoWeb Desktop for iOS
To be allowed to search and preview content in archives from FotoWeb Desktop for iPhone, the following rights must be enabled:
Browse - You can search and view the archive grid on the iPhone and open a larger preview by tapping a thumbnail in the grid.
Zoom - You can zoom in on the high-resolution image. Although you can zoom even without the Zoom feature enabled by pinching the iPhone screen, doing so will not give you a higher-quality picture than what's available in the Preview.
Upload - Required only if the users should be allowed upload access to the archive.
The auto-search filter in the access list can be used to fine-tune the content that different users and groups see when accessing the archive.
Note: The auto-search filter does not allow access control on individual assets (permalinks). In other words, auto-search is not a security function, but a search and browse filter to show users certain parts of an archive. For more information, see Adding search filters to an archive.