Setting permissions
User access for Dynamic Content hubs and repositories is controlled by assigning roles to users and teams. Organization admins can set permissions for all users. In addition, users with the admin role for a hub can manage permissions for other users of that hub and its repositories.
The following set of roles are provided for controlling user access to hubs and repositories:
- Admin - can do all actions relevant for an organization, hub or repository
- Developer - can do actions that enable other users to create and manage content on a hub or repository
- Publisher - can manage editions and events to schedule content on the appropriate hubs, and publish content
- Author - can create, archive and delete content in the appropriate hubs and repositories, but not publish content
- Member - can view events, editions and content but not manage or publish anything
For information about what actions each role allows, see Roles.
If your Dynamic Content users require permission to access assets stores and assets through the Assets tab, you'll need to request Assets tab provisioning.
How roles workLink copied!
Hub and repository roles can be set for individuals and teams. There is a role priority that determines the order in which they are used.
Individual rolesLink copied!
The simplest way to set permissions is assigning roles to individual members. This example shows a member, who has the Publisher role for the "Content" and "Slots" repositories in the Acme production hub.
Team rolesLink copied!
Teams are an efficient way to set permissions for multiple members with the same access requirements. Here's an example showing two members in a "Copywriters" team.
In our example, we want both team members to have the Author role for the "Content" repository, and the Publisher role for the "Slots" repository, so we assign the repository roles to the team.
Looking at either of the team members individually, their roles for the "Content" and "Slots" repositories are assigned by the team.
The "TEAM" icon indicates that a role is inherited from a team. See Role priority.
Team access for hubs and repositories, cannot be revoked at an individual level. This is indicated by the switcher control color being completely gray.
Role priorityLink copied!
When roles are assigned to both individual members and teams, members could have different permissions set for the same hubs and repositories.
The priority for using individual and team roles is:
- The role that provides the greater access is used
- Where individual and team level roles provide the same access, the team role takes precedence
Inherited team roles are identified with the "TEAM" icon:
You can check which role has been set at individual level, using the "Individual role" dropdown menu, shown below. Note, in our example the team role is Author, and the individual role is Member. The team role is used because it provides greater access.
Role priority step-by-stepLink copied!
This role priority example follows on from the Team roles example above.
Here, the user member@acme has the Publisher role directly assigned for two repositories.
We then add this user to our "Copywriters" team.
The "Copywriter" team assigns the Author role for the "Content" repository. This conflicts with the user's individually assigned role of Publisher for that repository. Note that the Author role provides less access than the Publisher role.
Now that the user member@acme is a member of the "Copywriters" team, team roles will be used if they provide equivalent or greater access than the user's individually assigned roles.
Notice that:
- The individual role assigned for the "Content" repository (Publisher) is used because it gives greater access than the team role (Author)
- The team roles assigned for the hub and "Slots" repository are the same as those set at individual level, so the team roles take precedence (indicated by the "TEAM" icon)
- Where team access takes precedence, it cannot be revoked or changed at an individual level (indicated by the all gray switcher controls in the Edit member pane)
Assigning organization adminsLink copied!
Organization admins can perform all account management actions for all of the hubs and repositories in an organization.
Organization admins can promote and demote other users to be organization admins one at a time.
Promoting to organization adminLink copied!
When a member is promoted to be an organization admin, they get access to all hubs and repositories automatically.
To promote a member to be an organization admin, choose "Promote to admin" from their contextual menu.
The "Promote user to admin" dialog is displayed. Click "Confirm" to assign the organization admin role. The organization admin icon highlights the change.
You can also promote a member to be an organization admin, from the Edit member pane.
Demoting to memberLink copied!
When an organization admin is demoted to be a member, they regain the roles had before the promotion.
To demote an organization admin to a non-admin member, hover over an active member in the member list and choose "Demote to member" from the contextual menu.
The "Demote user from admin" dialog is displayed. Click "Confirm" to demote the organization admin. The organization admin icon is removed.
You can also demote an organization admin, from the Edit member pane.
Assigning hub rolesLink copied!
User permissions for accessing Dynamic Content hubs, are set by assigning hub roles.
The following users can assign hub roles:
- Organization admins
- Users with the hub admin role assigned can set permissions on the hubs for which they are admins
The hubs to which users have access are shown in the Dynamic Content app hub list. Note the Development tab is displayed if the user has the Developer role for the selected hub.
If the Dynamic Content Assets tab is provisioned on your account, it may be configured so that user access to asset stores is determined by hub permissions. In this case, assigning hub roles of Author (or above) allows users to view and upload assets to all of the asset stores to which the Dynamic Content hub has access. For more information, see Assets tab provisioning options.
To assign hub roles to:
Individual members- From the Members tab, choose 'Edit member' from the contextual menu or the view pane
Teams- From the Teams tab, choose 'Edit team' from the teams contextual menu or the view pane
Here, we are assigning hub roles to an individual member.
In the edit pane, click the hub for which you want to give access. This automatically assigns the Member role for the hub and expands to show its repositories. Here, member access is given for the "Acme Production" hub.
If you are using both individual and team roles, a Team icon indicates when a role is inherited. See Role priority.
To assign a different hub role, choose from the dropdown list. Here, we've assigned the Author role. See the hub roles descriptions.
In Dynamic Content, the hub menu will show the hubs to which users have access. See Dynamic Content Hub menu.
Assigning the hub admin roleLink copied!
Organization admins can assign the hub admin role to users. This also gives a user admin level permissions for all the repositories within that hub too. The hub admin role is particularly useful for enterprises with many hubs, who want to control which hubs their admin users access and manage.
Users with the hub admin role on at least one hub are highlighted in Account Management.
If a member is demoted from having the hub admin role, to the role they previously had (with lesser permissions), their previous permissions are restored.
Assigning repository rolesLink copied!
You control repository permissions for members and teams by assigning repository roles. The roles can be assigned on a per repository basis to provide different levels of permission for different repositories.
The following users can assign repository roles:
- Organization admins
- Users with the hub admin role assigned can set permissions for all repositories in the hubs for which they are admins
To assign repository roles to:
Individual members- From the Members tab, choose 'Edit member' from the contextual menu or the view pane
Teams- From the Teams tab, choose 'Edit team' from the teams contextual menu or the view pane
Here, we are assigning repository roles to an individual member.
In the edit pane, click the switch control for the repository you want to give access. This automatically assigns the same role as set for the parent hub. If the member doesn't already have an assigned role for the parent hub, the hub Member role is automatically assigned.
You can use the down arrow (V) to the left of a hub name to expand its list of repositories, even if the member or team doesn't yet have access to the parent hub.
Use "Enable all", to assign a hub's role to all of its repositories. If different roles are already set on some repositories, they will remain the same. Using "Disable all", disables all roles set for the hub.
If you are using individual and team roles at the same time, roles may be inherited from a team. Where this is the case, a "Team" icon indicates the role is inherited. See Role priority.
When you've assigned the required roles and saved your changes, a notification confirms the saved changes. Dynamic Content users have the repositories to which they have access, listed in the navigation panel. See Dynamic Content - Quick tour.
Viewing assigned rolesLink copied!
Use the view pane for a clear view of assigned roles. Unlike the edit pane, which lists all hubs and repositories in an organization, the view pane lists only the hubs and repositories to which access is given.
To view assigned roles for an individual member: From the Members tab, click on the member in the list. The view member pane is displayed.
To view assigned roles for a team: From the Teams tab, click on the team in the list. The view team pane is displayed.
You can use the search to find the specific hub or role for which a role is set.
Finding individually assigned rolesLink copied!
You can easily find out what role is assigned to an individual, when a team role has been inherited. For example, below the Edit member pane shows the "Slots" repository role is inherited from a team. To check what role is assigned to the individual, open the roles dropdown menu. In this example, the "Publisher" role is assigned to the individual. Although the team role is the same, it takes precedence over the individual role.
