Managing Metadata Permissions
Administrators can use FileCloud Server to set the following Metadata types of permissions:
- User/group permissions (read/write) - these grant access to specific users and
- Allowed paths support - which affects File Objects based on their location.
When setting Metadata permissions, you need to consider additional permissions on the File Object such as:
- lock permissions,
- share permissions,
- network folder permissions,
Effective permissions include all of these considerations. For example, on a shared file, if a user has write permission to the metadata set but read-only access to share then the effective metadata permission would be read-only.
Table 1. Permissions Examples
User permissions | Group permissions | Allowed Paths | File Object | Additional permissions | Read/Write | Comment |
---|---|---|---|---|---|---|
Write | Readonly | All | /USERNAME/assets | - | y/y | Write permission is granted based on the user permissions |
Write | - | All | /USERNAME/assets/image1.png | write lock | y/n | As lock is applied, readonly access to metadata will only be granted |
Readonly | Write | All | /SHARED/user1/assets | view only access for share | y/n | Share permissions will narrow metadata permissions to readonly |
Readonly | Write | /USERNAME/assets | /USERNAME/assets/images | - | y/y | As file path is a subpath of one of the allowed paths user will be granted write access for metadata |
Write | - | /USERNAME/assets | /USERNAME/images | - | n/n | The path isn't allowed so no metadata permissions are granted at all |
The process of adding group permissions is similar to adding user permissions. The main difference is that when you use the Add Group button, all available groups are listed immediately. The rest of the process is exactly the same.
To grant a user access to the Metadata field:
- Log in to the Admin Portal.
- In the Home navigation panel on the left side, under Misc., select Metadata.
- In the Manage Metadata Sets section, select the one you want to grant access, and then click on the edit icon .
- In the Edit Metadata Set Definition window, in Permissions, select the Users tab, and then click Add User.
- In the Search Users window, in Account or Email, type in the user's information, and then click Search.
- Select a user, and then you are returned to the Edit Metadata Set Definition window.
- By default, the user is granted both Read and Write permissions.
- Select the Read checkbox to grant or deny the user Read permissions.
- Select the Write checkbox to grant or deny the user Read permissions.
- At the bottom of the Edit Metadata Set Definition window, click Save.
It is very important to remember that all changes made to permissions are not saved until "Save" button is clicked and the validation is successful.
Watch a video on granting users permission to access Metadata.
All paths have to have one of the following formats:
- /USERNAME/...
- /EXTERNAL/…
Administrators can choose to allow all paths or specific paths on which the metadata sets can be added.
- By default all paths are allowed.
- When an administrator wants to provide a specific set of allowed paths:
- the "Allow Selected Paths" option has to be selected and
- all allowed paths have to be specified via the Add Allowed Path dialog.
- When the path is added it will be displayed on the list.
- A path can be removed from the list by clicking on the "Remove Allowed Path" icon.
When path is allowed all sub-paths are automatically allowed as well. For example, when path: /USERNAME/assets is allowed than automatically the sub-paths /USERNAME/assets/images, /USERNAME/assets/videos/HD, etc are allowed.
Watch a video on creating allowed paths.