Skip to main content

Setting permissions

With account management, user permissions for access to Dynamic Content hubs and repositories, are set by assigning:

  • Organization roles - All members have either the Admin or Member organization role

  • Hub roles - Control access to Dynamic Content hubs for teams and individual members

  • Repository roles - Control access to Dynamic Content repositories for teams and individual members

info

Roles are the replacement for personas as the way of managing access to Dynamic Content. Contact Amplience support or Customer Success about migrating to roles.

Understanding how roles work
Link copied!

Hub and repository roles can be set for individuals and teams. There is a role priority that determines the order in which they are used.

Individual roles
Link copied!

The simplest way to set permissions is assigning roles to individual members. This example shows a member, who has the Publisher role for the "Content" and "Slots" repositories in the Acme production hub.

Assigning roles to an individual

Team roles
Link copied!

Teams are an efficient way to set permissions for multiple members with the same access requirements. Here's an example showing two members in a "Copywriters" team.

Example team

In our example, we want both team members to have the Author role for the "Content" repository, and the Publisher role for the "Slots" repository, so we assign the repository roles to the team.

Roles assigned to example team

Looking at either of the team members individually, their roles for the "Content" and "Slots" repositories are assigned by the team.

tip

The "TEAM" icon indicates that a role is inherited from a team. See Role priority.

Roles assigned to members from a team

info

Team access for hubs and repositories, cannot be revoked at an individual level. This is indicated by the switcher control color being completely gray.

Role priority
Link copied!

When roles are assigned to both individual members and teams, members could have different permissions set for the same hubs and repositories.

Role priority

The priority for using individual and team roles is:

  • The role that provides the greater access is used
  • Where individual and team level roles provide the same access, the team role takes precedence

Inherited team roles are identified with the "TEAM" icon:

Inherited team roles

You can check which role has been set at individual level, using the "Individual role" dropdown menu, shown below. Note, in our example the team role is Author, and the individual role is Member. The team role is used because it provides greater access.

Inherited team roles

Role priority step-by-step
Link copied!

This role priority example follows on from the Teams roles example above. The member "Julia" has the Publisher role directly assigned for two repositories.

Roles assigned to an individual

We then add "Julia" to our example "Copywriters" team.

New member added to team

The "Copywriter" team assigns the Author role for the "Content" repository. This conflicts with "Julia's" individually assigned role of Publisher for that repository. Note that the Author role provides less access than the Publisher role.

Team with different roles to individual

Now that "Julia" is a member of the "Copywriters" team, team roles will be used if they provide equivalent or greater access than individually assigned roles.

Inherited team roles

Notice that:

  • The individual role assigned for the "Content" repository (Publisher) is used because it gives greater access than the team role (Author)
  • The team roles assigned for the hub and "Slots" repository are the same as those set at individual level, so the team roles take precedence (indicated by the "TEAMS" icon)
  • Where team access takes precedence, it cannot be revoked or changed at an individual level (indicated by the all gray switcher controls in the Edit member pane)

You can easily find out what role is assigned to an individual, when a team role has been inherited. For example, below the Edit member pane shows the "Slots" repository role is inherited from a team. To check what role is assigned to the individual, open the roles dropdown menu. In this example, the "Publisher" role is assigned to the individual. Although the team role is the same, it takes precedence over the individual role.

Checking an individual's assigned role

Assigning organization roles
Link copied!

There are two organization roles, member and admin, allowing non-admin and admin users. By default, members are assigned the organization Member role. The organization role can be set for one member at a time only.

Promoting to Admin role
Link copied!

When a member is promoted to be an organization admin, they get access to all hubs and repositories automatically.

To promote a member to be an organization admin, hover over an active member and choose "Promote to admin" from the contextual menu.

Promote to admin menu option

The "Promote user to admin" dialog is displayed. Click "Confirm" to assign the organization admin role. A notification confirms the change.

Member promoted to admin

tip

You can also promote a member to be an organization Admin, from the Edit member pane.

Demoting to member role
Link copied!

When an organization admin is demoted to be a member, they regain the roles had before the promotion.

To demote an organization admin to a non-admin member, hover over an active member in the member list and choose "Demote to member" from the contextual menu.

Demote to member menu option

The "Demote user from admin" dialog is displayed. Click "Confirm" to assign the organization member role. A notification confirms the change.

Member demoted from admin

tip

You can also demote a member from the admin role, from the Edit member pane.

Assigning hub roles
Link copied!

User permissions for accessing Dynamic Content hubs, are set by assigning hub roles.

The hubs to which users have access are shown in the Dynamic Content app hub list.

Hub access for one hub in DC

note

If the Dynamic Content Assets tab is provisioned on your account, it may be configured so that user access to asset stores is determined by hub permissions. In this case, assigning hub roles of Author (or above) allows users to view and upload assets to all of the asset stores to which the Dynamic Content hub has access. For more information, see Assets tab provisioning options.

Hub roles can be assigned to:

  • Individual members- From the Members tab, choose 'Edit member' from the contextual menu or the view pane

  • Teams- From the Teams tab, choose 'Edit team' from the teams contextual menu or the view pane

This example, shows how to assign hub roles to an individual member.

Open the Edit member pane

In the edit pane, click the hub for which you want to give access. This automatically assigns the Member role for the hub and expands to show its repositories. Here, member access is given for the "Acme Production" hub.

Assigning the hub member role

tip

If you are using individual and team roles, a Team icon indicates when a role is inherited. See Role priority.

To assign a different hub role, choose from the dropdown list. Here, we've assigned the Author role. See the hub roles descriptions.

Assigning hub author role

For this example, Dynamic Content will show the member now has permission to use two hubs. The hub they could already access, and the hub for which they've been assigned the Author role. Notice how the Development tab isn't shown in Dynamic Content. This is because we assigned the hub Author role which doesn't allow any developer actions.

Hub access for two hubs in DC

Assigning repository roles
Link copied!

You control repository permissions for members and teams by assigning repository roles. The roles can be assigned on a per repository basis to provide different levels of permission for different repositories.

Repository roles can be assigned to:

  • Individual members- From the Members tab, choose 'Edit member' from the contextual menu or the view pane

  • Teams- From the Teams tab, choose 'Edit team' from the teams contextual menu or the view pane

This example shows how to assign repository roles to an individual member.

Open the Edit member pane

In the edit pane, click the switch control for the repository you want to give access. This automatically assigns the same role as set for the parent hub. If the member doesn't already have an assigned role for the parent hub, the hub Member role is automatically assigned.

tip

Use the V (to the left of a hub name) to navigate directly to repositories even if the member or team doesn't yet have access to the parent hub.

Assigning repository and hub roles

Use "Enable all", to assign the role for all repositories in a hub. If different roles are already set on some repositories, they will remain the same. Using "Disable all", disables all roles set for the hub.

tip

If you are using individual and team roles at the same time, roles may be inherited from a team. Where this is the case, a "Team" icon indicates the role is inherited. See Role priority.

When you've assigned the required roles and saved your changes, a notification confirms the saved changes. Looking in Dynamic Content, you can see that the user now has access to the repositories for which you assigned roles.

Assigning repository and hub roles

Viewing assigned roles
Link copied!

Use the view pane for a clear view of assigned roles. Unlike the edit pane, which lists all hubs and repositories in an organization, the view pane lists only the hubs and repositories to which access is given.

To view assigned roles for an individual member: From the Members tab, click on the member in the list. The view member pane is displayed.

To view assigned roles for a team: From the Teams tab, click on the team in the list. The view team pane is displayed.

You can use the search to find the specific hub or role for which a role is set.