How do permissions for Mediaflow users and groups work?

Information about what permissions you can set and how they can affect each other.

What types of user types are there - Basic / Pro / Pro + Admin

In Mediaflow, there are actually two different user types, namely Basic and Pro. When it comes to Pro users, these can then also be raised (by yourself) to Pro + admin. Below is what distinguishes these.

Basic user = Regular user in the system with access to the iOS and Android app. You can create an unlimited number of Basic users.

Pro users = Pro users are extended with phone and chat support and automatic access to various plugins for, among other things, InDesign, Office (Word and Power Point) etc. Read more about these plugins here (swedish)

A pro user can also be promoted to Pro + admin for extended administration permissions. However, only those who are already Pro + Admin can do this.

Pro + Admin = A Pro user who has been raised to the Admin level has further expanded options by being able to activate Superadmin when you click on his name in the upper right corner.

When Superadmin mode is activated, you bypass all permissions and see everything that might otherwise be hidden. This is a very good mode for troubleshooting and the highest level of administration. The activated mode is very clear with a different color marking at the top of the window.

How do I work with permissions?

You can set permissions for files on three different levels:

• Basic permissions for users in a group, such as the ability to load
upload files, index (put keywords), move files, create folders and the like.
• Permissions at folder level, for example which groups are allowed to work in specific ways in a folder. Upload files, download and so on.
• File-level permissions, such as which groups are allowed to download a specific file.

Permissions in Mediaflow are not controlled per user but at group level. The group you are part of decides which permissions that you have.

It is usually sufficient to set permissions at group and folder level. Note however that an individual
file can be in several folders at the same time, which means that all permissions on all of these
folders determine what a user can do (if differing permissions have been set for the folders).

As an example we take Hans who is a member of the group of external photographers. Even if he would
has permission to download images from a shared folder, he still does not have permission
to download one of the images located in the folder.

This is because of Karin who is the communications manager wants to keep track of how images in a certain folder are to be used, and has therefore placed the file in another folder which she has marked with negative permission. In this way, the group of external photographers can only see but not download the current image file. You set the permissions for folders in the Folder Access and Folder Security tabs, which are visible in the right info panel when a folder is selected. The system is based on the same principle as for group permissions.

How does cross, check and empty box work?

The most important thing to know about these is that a cross (strong negative) for a permission in one group means that a tick (permissive) for the same (!) permission in another group simply no longer applies because the cross always weighs heaviest.

Example: You have two groups that you have created. Photographers and Web Editors. In the group Photographers, you have set a permissible check mark for the permission to "upload files". In the group Web editors, you have put a negative cross for the same permission. This means that users who are members of both of these groups will not be able to upload simply because there is a cross permission in one of the groups that they are members of.

When you click the same check box several times, it switches between these three modes. As by default, the Let subfolders inherit these settings check box is checked. That means your access settings are also set on any subfolders. Also new subfolders created later will inherit these settings.

Note that you can deny access to yourself by denying "All users" access to the folder! - As an administrator, you get around this by activating the administrator mode, which bypasses all restrictions, which in turn means that you now can see hidden folders.

In addition to this, you can also set some limited permissions based on color marking. For example
you can set red-marked files not to be downloaded, regardless of the settings on
folder and file level. You specify this in the tab Color marking (swedish article) under settings.

A cross (strongly negative) always weighs heaviest.

A tick is permissible (but a cross in another group goes over).

An empty box is like a faint denial. It is not allowed but a checkmark in another group weighs heavier

Administration of users and groups

Mediaflow is based on each user being logged in with their own username. Each account should be personal to facilitate the management of permissions and traceability. A user account can be part of one or more user groups to inherit the permissions of these groups.

When you as a new user login for the first time, you can easily change the password by clicking on your name at the top right, then on My profile to open the box to administer your profile!

All Mediaflow users are automatically in the "All Users" group and can not be removed from there. The permissions of this group control the permissions of all users!

Under Groups, there is a group called All users. This group is a preset group that is locked. All users in Mediaflow are in this group regardless of other affiliations, which means that settings for this group therefore apply to all.

Note that a user's permissive permissions from the All Users group can be overridden by giving them a negative check for a permissions in another group.

As an administrator, you get access to the Users and Groups sections by clicking the Cog Wheel (top right corner). Here you can add and edit users and groups respectively. You specify during user management which groups a user shall belong to.

A user who is a member of three groups will inherit the permissions of these three groups.

Be careful with the Cross (strong negative permission setting) as this will restrict the permission everywhere if someone is a member of more than one group

Under the section permissions for members of the group in group management, you can enter
what basic qualifications members of the group in question should have. Examples of
permissions are the ability to upload files, be able to delete files, be able to create archive folders,
be able to add users and groups etc. Each individual permission can be set either permissive (a green tick) or negative (a red cross), or not at all (an empty box). By click on the same check box several times and it will switch between these three modes.

Because an individual user can be a member of several groups, each authorization is determined
based on the permissions of all the groups it is a member of. There must be at least one
authorizing group for that competence to apply. A denied attitude always precedes one
permissive, i.e. if a user is in two different groups where one group says that may upload files (permissive, a green check mark) and the other that he may not (negative, a
red cross) so the result is that he does not get. If, on the other hand, the other groups change from
negative to nothing at all (an empty box) so the result is that he is allowed.

It is also possible to decide which groups should be available to others groups. It is thus possible to hide groups of users from each other. For example, you can have
affiliated photographers or customers who can not see which other photographers or customers
is in the system. This is done under the section Access to groups & users in
group management.