Role definitions, Role assignments, Scopes – Grass Valley Xmedia Server Vertigo Suite v.5.0 User Manual
Page 230
XMS Configuration Guide
20-5
User rights management
Role definitions
Since the authentication model is role-based, operations and task definitions are grouped
together into Role Definitions. Role definitions are determined by the job functions in your
organization’s workflow and they essentially group together the permissions that are
required for someone to perform the job function.
Figure
demonstrates that role definitions support inheritance from other role
definitions. In other words, a role definition’s permissions is the sum of all lower-level role
permissions and its own.
The following sections provide instructions for creating or editing role definitions:
•
“Creating and populating a new role definition” on page 20-38
•
“Editing role definitions” on page 20-43
Role assignments
Figure
demonstrates that a role assignment associates a single role definition with the
Windows users and groups that require the permissions encompassed within the role
definition to perform their job functions.
The most common procedure that system administrators carry out in the user rights
management models is to assign Windows users and groups to a role. The following
sections provide instructions for creating or editing role assignments:
•
“Creating a new role assignment” on page 20-40
•
“Adding and removing users from a role assignment” on page 20-47
Scopes
Category access restrictions are catalogued using the Authorization Manager’s concept of
Scopes. Scopes appear as GUID-named folders under the VertigoXmedia application.
They contain mappings between internal XmediaServer category identifiers (GUIDs) and
the Windows users and groups that are allowed to see the category in the asset browser.
They are created by the Xmedia Server and edited within the asset browser in Vertigo Suite
applications. The scopes that are created in the Authorization Manager snap-in must not be
modified or deleted manually. The presence of a category's identifier as a scope in the
Authorization Manager means that the category has restrictions set. More information about
Authorization Manager scopes is provided in
“Restricting access to asset categories” on
.
Figure 20-4. A scope is automatically added by the XMS when an asset category is restricted
Scope