Appcenter operations and media access security, Ftp and media access security, K2 storage systems and media access security – Grass Valley K2 Media Client System Guide v.3.3 User Manual
Page 140
140
K2 Media Client System Guide
June 9, 2009
Chapter 6 Administering and maintaining the K2 system
5. Add users and groups to the access control list and set permissions as follows:
a. Click
Add
. The Select Users or Groups dialog box opens. This is the standard
Windows operating system interface to users and groups, so you can use
standard Windows procedures. In the “Enter the object names…” box, you can
enter the users or groups for which you want to set permissions, then click
OK
.
b. In the Permission settings dialog box, select a user or group and then set
permissions as desired.
6. Click
Apply
,
OK
, and
Close
to save settings and close dialog boxes.
AppCenter operations and media access security
AppCenter uses the credential information for the current AppCenter logon and
checks it against the access control list for a K2 bin. This is the access control list that
you set up through the Organize Bins dialog box in AppCenter. In this way,
AppCenter determines whether to allow or deny operations on media in a K2 bin.
Once permissions are granted based on the current logon account, those permissions
remain in place until that account logs off of AppCenter.
FTP and media access security
The following systems host the K2 FTP interface:
• A stand-alone K2 Media Client
• A K2 Media Server that takes the role of FTP server
The way in which the K2 FTP interface applies media access security is explained in
this section.
The K2 FTP interface uses the credential information for the current FTP session
logon and checks it against the access control list for a K2 bin. This is the access
control list that you set up through the Organize Bins dialog box in AppCenter. Any
media access related operations such as get, put, dir, rename and delete are checked
against the FTP session’s logon credentials to access the media. For example, if an
FTP session is denied access to explore bin A, then the session can not initiate a dir
operation on bin A to list the contents of the bin. Furthermore, the session can not
transfer clips into bin A using the put operation.
For the purpose of compatibility FTP access conventions, accounts for user movie or
user mxfmovie are provided on the K2 system. These accounts are automatically set
up when you install K2 software version 3.2 or higher. Do not restrict access for these
accounts. If your security policy requires restricting access to these accounts, contact
Grass Valley Support.
On a K2 Storage System, authentication takes place on the K2 Media Server. Setting
up FTP security for specific local users and groups is not supported on a K2 Storage
System, with the exception of the local movie and mxfmovie accounts. However, you
can set up FTP security for domain users and groups.
K2 Storage Systems and media access security
This section applies to media access security, not FTP security. Refer to the preceding
section for information about FTP security.