Setting permissions
With account management, user permissions for access to Dynamic Content hubs and repositories, are set by assigning:
Organization roles - All members have either the Admin or Member organization role
Hub roles - Control access to Dynamic Content hubs for teams and individual members
Repository roles - Control access to Dynamic Content repositories for teams and individual members
Roles are the replacement for personas as the way of managing access to Dynamic Content. Contact Amplience support or Customer Success about migrating to roles.
Understanding how roles workLink copied!
Hub and repository roles can be set for individuals and teams. There is a role priority that determines the order in which they are used.
Individual rolesLink copied!
The simplest way to set permissions is assigning roles to individual members. This example shows a member, who has the Publisher role for the "Content" and "Slots" repositories in the Acme production hub.
Team rolesLink copied!
Teams are an efficient way to set permissions for multiple members with the same access requirements. Here's an example showing two members in a "Copywriters" team.
In our example, we want both team members to have the Author role for the "Content" repository, and the Publisher role for the "Slots" repository, so we assign the repository roles to the team.
Looking at either of the team members individually, their roles for the "Content" and "Slots" repositories are assigned by the team.
The "TEAM" icon indicates that a role is inherited from a team. See Role priority.
Team access for hubs and repositories, cannot be revoked at an individual level. This is indicated by the switcher control color being completely gray.
Role priorityLink copied!
When roles are assigned to both individual members and teams, members could have different permissions set for the same hubs and repositories.
The priority for using individual and team roles is:
- The role that provides the greater access is used
- Where individual and team level roles provide the same access, the team role takes precedence
Inherited team roles are identified with the "TEAM" icon:
You can check which role has been set at individual level, using the "Individual role" dropdown menu, shown below. Note, in our example the team role is Author, and the individual role is Member. The team role is used because it provides greater access.
Role priority step-by-stepLink copied!
This role priority example follows on from the Teams roles example above. The member "Julia" has the Publisher role directly assigned for two repositories.
We then add "Julia" to our example "Copywriters" team.
The "Copywriter" team assigns the Author role for the "Content" repository. This conflicts with "Julia's" individually assigned role of Publisher for that repository. Note that the Author role provides less access than the Publisher role.
Now that "Julia" is a member of the "Copywriters" team, team roles will be used if they provide equivalent or greater access than individually assigned roles.
Notice that:
- The individual role assigned for the "Content" repository (Publisher) is used because it gives greater access than the team role (Author)
- The team roles assigned for the hub and "Slots" repository are the same as those set at individual level, so the team roles take precedence (indicated by the "TEAMS" icon)
- Where team access takes precedence, it cannot be revoked or changed at an individual level (indicated by the all gray switcher controls in the Edit member pane)
You can easily find out what role is assigned to an individual, when a team role has been inherited. For example, below the Edit member pane shows the "Slots" repository role is inherited from a team. To check what role is assigned to the individual, open the roles dropdown menu. In this example, the "Publisher" role is assigned to the individual. Although the team role is the same, it takes precedence over the individual role.
Assigning organization rolesLink copied!
There are two organization roles, member and admin, allowing non-admin and admin users. By default, members are assigned the organization Member role. The organization role can be set for one member at a time only.
Promoting to Admin roleLink copied!
When a member is promoted to be an organization admin, they get access to all hubs and repositories automatically.
To promote a member to be an organization admin, hover over an active member and choose "Promote to admin" from the contextual menu.
The "Promote user to admin" dialog is displayed. Click "Confirm" to assign the organization admin role. A notification confirms the change.
You can also promote a member to be an organization Admin, from the Edit member pane.
Demoting to member roleLink copied!
When an organization admin is demoted to be a member, they regain the roles had before the promotion.
To demote an organization admin to a non-admin member, hover over an active member in the member list and choose "Demote to member" from the contextual menu.
The "Demote user from admin" dialog is displayed. Click "Confirm" to assign the organization member role. A notification confirms the change.
You can also demote a member from the admin role, from the Edit member pane.
Assigning hub rolesLink copied!
User permissions for accessing Dynamic Content hubs, are set by assigning hub roles.
The hubs to which users have access are shown in the Dynamic Content app hub list.
If the Dynamic Content Assets tab is provisioned on your account, it may be configured so that user access to asset stores is determined by hub permissions. In this case, assigning hub roles of Author (or above) allows users to view and upload assets to all of the asset stores to which the Dynamic Content hub has access. For more information, see Assets tab provisioning options.
Hub roles can be assigned to:
Individual members- From the Members tab, choose 'Edit member' from the contextual menu or the view pane
Teams- From the Teams tab, choose 'Edit team' from the teams contextual menu or the view pane
This example, shows how to assign hub roles to an individual member.
In the edit pane, click the hub for which you want to give access. This automatically assigns the Member role for the hub and expands to show its repositories. Here, member access is given for the "Acme Production" hub.
If you are using individual and team roles, a Team icon indicates when a role is inherited. See Role priority.
To assign a different hub role, choose from the dropdown list. Here, we've assigned the Author role. See the hub roles descriptions.
For this example, Dynamic Content will show the member now has permission to use two hubs. The hub they could already access, and the hub for which they've been assigned the Author role. Notice how the Development tab isn't shown in Dynamic Content. This is because we assigned the hub Author role which doesn't allow any developer actions.
Assigning repository rolesLink copied!
You control repository permissions for members and teams by assigning repository roles. The roles can be assigned on a per repository basis to provide different levels of permission for different repositories.
Repository roles can be assigned to:
Individual members- From the Members tab, choose 'Edit member' from the contextual menu or the view pane
Teams- From the Teams tab, choose 'Edit team' from the teams contextual menu or the view pane
This example shows how to assign repository roles to an individual member.
In the edit pane, click the switch control for the repository you want to give access. This automatically assigns the same role as set for the parent hub. If the member doesn't already have an assigned role for the parent hub, the hub Member role is automatically assigned.
Use the V (to the left of a hub name) to navigate directly to repositories even if the member or team doesn't yet have access to the parent hub.
Use "Enable all", to assign the role for all repositories in a hub. If different roles are already set on some repositories, they will remain the same. Using "Disable all", disables all roles set for the hub.
If you are using individual and team roles at the same time, roles may be inherited from a team. Where this is the case, a "Team" icon indicates the role is inherited. See Role priority.
When you've assigned the required roles and saved your changes, a notification confirms the saved changes. Looking in Dynamic Content, you can see that the user now has access to the repositories for which you assigned roles.
Viewing assigned rolesLink copied!
Use the view pane for a clear view of assigned roles. Unlike the edit pane, which lists all hubs and repositories in an organization, the view pane lists only the hubs and repositories to which access is given.
To view assigned roles for an individual member: From the Members tab, click on the member in the list. The view member pane is displayed.
To view assigned roles for a team: From the Teams tab, click on the team in the list. The view team pane is displayed.
You can use the search to find the specific hub or role for which a role is set.