Sitecore Content Hub user privileges are granted to users who belong to a user group. Permissions are added as they are added. In this article, we will briefly introduce this.
Prerequisite
As for Content Hub user groups, user groups are set up with the following naming conventions.
- M.Name1.Name2.Name3
M is the name provided by the system, Name1 is the component provided by Sitecore or by default (Builtin), and Authorization. It is possible to use other naming conventions, but they are provided as the standard naming convention.
For example, the following user group names,
- M.Salesfoce.MC.Editors
This will be in the form of users who can edit assets in the Salesforce Marketing Cloud integration.
How to check permission
Authority with respect to the asset
To see what privileges each user group has, switch to the Users and User Groups screens on the Administration page.
In this case, we will check the M.Builtin.Readers usergroup. Click on the gear icon next to the user group name. You will then be taken to the following screen.
As you can see in the image above, it is a combination of different permissions. For example, so we refer to the first rule.
As a configuration, add conditions on the left side. For example, for an asset, M.Asset is the target and M.Final.LifeCycle.Status: Approved is set. This means that the permission is for assets that have already been approved assets. On the other hand, the checkbox on the right side is the authorization for the asset. In this case, the checkboxes are
- Read
- DownloadPreview
- ReadAnnotatins
set to "read," which allows you to read, download preview, and browse annotations on approved assets. This allows the user to read, download previews, and view annotations for approved assets. Readers, so the permissions on the assets available to M.Builtin.Readers are set. In the list of permissions, you can see that DownloadOrigiral is unchecked, which means that the original content cannot be downloaded.
Permission on page
Another combination of privileges that will be required will be page-related privileges.
M.Builtin.Readers must be able to work with the pages provided in the Sitecore Content Hub, including viewing and searching for assets. For this reason, we have granted permissions for the required pages.
Checking Builtin accounts
Of the user groups provided by default, the following user groups will be used to set up the system. When it comes to actual operation, please assume that you will create a user group that each company wants to use and grant privileges to, instead of a user group called M.Builting.xxx.
Usergroup Name | User permission | Overview |
|---|---|---|
M.Builtin.Readers | User | Assets can be searched and preview images can be downloaded |
M.Builtin.Editors | Editor | Edit, delete, update, and reject assets, and download original assets you are working on |
M.Builtin.Approvers | Approver | Access to assets under review, approval of assets |
M.Builtin.Creators | Creator | Register, delete, update, and reject assets, and download original assets you are working on |
The difference between an editor and a creator is the difference in the pages available.
_M.Builtin.Editors_ will look like this
Creators_ has access to the page where assets are registered, such as creation.
Give _M.Builtin.Creators_ to the person registering the asset and _M.Builtin.Approvers_ to the person approving it.
Summary
For example, you can create a user group called "A" for brand assets and page permissions, "B" for brand assets and page permissions, and then assign those permissions to each user. The user's privileges can be added up. User privileges are added together, so if multiple privileges are to be granted, multiple user groups will be assigned to each user.