medialoopster administration → Authentication And Authorization → Permissions

The Permissions model is a way to grant or deny users and groups access to various actions. Its entries can be categorized as:

administration interface permissions: add, change, delete entries for every model (still with the recommendation that some models are not supposed to be tampered with manually via the administration interface)
frontend permissions

Frontend permissions

Content type	Name	Codename	Description
<type> asset*	Can approve <type> assets	`approve_<type>_asset`	Approve/disapprove assets for editorial purpose. Users without this permission will not see disapproved assets as well.
<type> asset	Can archive <type> assets	`archive_<type>_asset`	Send asset to archive.
<type> asset	Can change the deletion date of <type> assets	`change_<type>asset_date_del`	Change the delete date via "Current assets → Hold" in the management interface and in the browser interface.
<type> asset	Can edit metadata of <type> assets	`edit_<type>asset_metadata`	Edit asset metadata.
<type> asset	Can restore <type> assets	`restore_<type>_asset`	Restore asset from archive.
<type> asset	Can transfer <type> assets	`transfer_<type>_asset`	Transfer asset.
<type> asset	Can upload <type> files	`upload_<type>asset`	Upload or import assets.
<type> keyword	Can use keywords to tag <type> assets.	`use_<type>keyword`	Use keywords to tag assets (needs "edit_sequence" as well).
annotation	Can add annotations to an asset and change/delete own annotations	`annotate_asset`	Create annotations, edit/delete own annotations.
favorite item list	Can use rough cut editing function	`rough_cut_editing`	Use rough cut editing function.
favorite item list	Can use DEMO player function	`rough_cut_editing_demo`	In the rough cut editor for favorites lists, play in the media player the compiled footage from the timeline editor, from the current position of the playhead.
global ingest permission (not attached to a model)	Can access ingest control	`ingest_control`	Access to the ingest control.
global management permission (not attached to a model)	Can access management	`manage_medialoopster`	Access to the management interface.
production	Can share assets with other productions	`share_production_asset`	Share assets with other productions.
sequence	Can edit an asset's sequences and shots	`edit_sequence`	Edit an asset's sequences and shots metadata, create and delete shots and sequences.
sequence	Can change sequence TRIP-ID	`change_trip_id`	Edit sequence trip-ID.
sequence	Can change sequence RNB	`change_rights_rnb`	Edit sequence permissions and side notes.
shot	Can change shot licensor	`change_shot_licensor`	Edit "licensor" field from a shot (needs "edit_sequence" as well).
shot	Can change shot license	`change_shot_license`	Edit "license" field from a shot (needs "edit_sequence" as well).
shot	Can change shot location city	`change_shot_location_city`	Edit "location" field from a shot (needs "edit_sequence" as well).
video asset	Can use still frame export function	`export_still_frame`	Download still image of the current video frame.
viewer	Can modify viewer sources and destinations	`edit_viewer_options`	Modify viewer sources and destinations (ingest).
viewer	Can see viewer status messages	`see_viewer_status`	See viewer status messages (ingest).
viewer	Can see viewer log messages	`see_viewer_logs`	See viewer log messages (ingest).

* the asset type can be audio, image, video or project.

The Permissions model is complemented by:

devices specific fields:
- the write permission groups: for asset transfers
- allow direct writing: the writing is direct, instead of buffered; it is recommended to leave the default true value.
user specific fields:
- superuser status: this user has all permissions from the Permissions models without explicitly assigning them (it does not include login into the administration interface!).
- staff status: the user can log into the administration interface and change its password (if connected to the LDAP server); however, it needs additional permissions to see any model or perform any additional actions there.
read, and optionally write/delete group or user production memberships.

At setting up workflows you can see the combinations of permissions that you need to assign to users for various user workflows.