Appcenter operations and media access security, Ftp and media access security, K2 sans and media access security – Grass Valley K2 System Guide v.9.0 User Manual
Page 179

5. Add users and groups to the access control list and set permissions as follows:
a) Click
Add
. The Select Users or Groups dialog box opens. This is the standard Windows
operating system interface to users and groups, so you can use standard Windows procedures.
In the “Enter the object names…” box, you can enter the users or groups for which you want
to set permissions, then click
OK
.
b) In the Permission settings dialog box, select a user or group and then set permissions as
desired.
6. Click
Apply
,
OK
, and
Close
to save settings and close dialog boxes.
AppCenter operations and media access security
AppCenter uses the credential information for the current AppCenter logon and checks it against
the access control list for a K2 bin. This is the access control list that you set up through the Organize
Bins dialog box in AppCenter. In this way, AppCenter determines whether to allow or deny operations
on media in a K2 bin.
Once permissions are granted based on the current logon account, those permissions remain in place
until that account logs off of AppCenter.
FTP and media access security
The following systems host the K2 FTP interface:
•
A stand-alone K2 system.
•
A K2 Media Server that takes the role of FTP server
The way in which the K2 FTP interface applies media access security is explained in this section.
The K2 FTP interface uses the credential information for the current FTP session logon and checks
it against the access control list for a K2 bin. This is the access control list that you set up through
the Organize Bins dialog box in AppCenter. Any media access related operations such as
get
,
put
,
dir
,
rename
and
delete
are checked against the FTP session’s logon credentials to access the
media. For example, if an FTP session is denied access to List Bin Contents for bin A, then the
session can not initiate a
dir
operation on bin A to list the contents of the bin. Furthermore, the
session can not transfer clips into bin A using the
put
operation.
For the purpose of compatibility FTP access conventions, accounts for user
movie
or user
mxfmovie
are provided on the K2 system. There is also a
video_fs
account for Mac/FCP access. These
accounts are automatically set up when you install K2 software version 3.2 or higher. Do not restrict
access for these accounts. If your security policy requires restricting access to these accounts, contact
Grass Valley Support.
On a K2 SAN, authentication takes place on the K2 Media Server. Setting up FTP security for
specific local users and groups is not supported on a K2 SAN, with the exception of the local
movie
and
mxfmovie
accounts. However, you can set up FTP security for domain users and groups.
K2 SANs and media access security
This section applies to media access security, not FTP security. Refer to the preceding section for
information about FTP security.
06 November 2012
K2 System Guide
179
Administering and maintaining the K2 system