Grass Valley Xmedia Server Vertigo Suite v.5.0 User Manual
Page 229
20-4
XMS Configuration Guide
User rights management
Once the Policy Store repository is created, it is populate with operations, task definitions, and
role definitions, which can be assigned to Windows users and groups (figure
). These are
the basic building blocks of the Policy Store used by the Authorization Manager to grant or deny
operations within the Vertigo Suite to your organization’s users and groups.
Figure 20-3. The relationship between the Policy Store elements
Figure
demonstrates the relationship between the Policy Store elements.
An overview of each element is provided in the following sections:
•
“VertigoXmedia Application, operations, and task definitions” on page 20-4
•
“Role definitions” on page 20-5
•
“Role assignments” on page 20-5
•
VertigoXmedia Application, operations, and task definitions
Operations correspond to the actions that can be undertaken in the Vertigo Suite
applications, like saving or deleting an asset. The Vertigo Suite pre-defines a series of
operations under the application name V
ERTIGO
X
MEDIA
that it uses to restrict access to its
various components based on the security policy defined in the Policy Store. In essence,
an application is a scope or a grouping, and the VertigoXmedia application is the grouping
that the Xmedia Server uses via the Authorization Manager to implement an access control
list. See
“Vertigo Suite Operations” on page 20-6
for a list of the operation definitions
included in the VertigoXmedia application.
Operation definitions are most commonly grouped into task definitions. For example, by
grouping several operations together you can create a task definition that grants all of the
permissions required to publish a scene. Note that task definitions can also support
inheritance from other task definitions.
The following sections provide instructions for creating or editing task definitions:
•
“Creating a new task definition” on page 20-37
•