Creating roles gives you the ability to control what users can see and do in Dalet Flex. You can create roles based on the jobs that exist within your organisation. For example, if you have an Editor in your organisation, you might create a role that has permissions specific to that position.
Creating a Role
- Click the Desktop tab.
- In the toolbar on the left, click New and then select Role from the drop down menu.
- In the Create new Role screen, enter a Name and Description.
- You can assign Visibility to the role you are creating. This means that this role will be available in the selected accounts or sub accounts and can be assigned to users within those accounts. If you do not assign visibility, it can only be assigned to users in the account it was created in.
- Click Save to finalise.
Once you have created a role, you can apply permissions to that role. The number and type of permissions depend on the tasks performed by users with the role. Roles and permissions are usually created by site administrators and users with different roles will have access to different area of the organisation's Dalet Flex account.
You assign permissions in the Permissions tab. There are different types of permissions.
Permissions that give access to Flex Core and manage functionality in the system
Permissions for working with objects in the system
Permissions that control access to applications in the User Interface in Dalet Flex (Flex Core and/or FlexMAM)
To assign permissions to use a particular functionality, access a specific module or work with an object type, select the check boxes in the sections in the Permissions tab.
The permissions are divided into the following sections:
- User interface
The Apps section gives access to Flex Core.
This permission must be assigned together with the following permissions:
- Master Account > reference
- Users > View
- Permissions for at least one of the sections in Flex Core in the User Interface.
If you do not have permissions for the tab that you set as your default home page, see here, this error will be displayed, but you will be able to access the module/s that you have permissions for.
The Functionality section has a list of permissions that control access to global Dalet Flex functionalities, such as workspaces and search, allowing you to control what functions can be carried out by a specific role. You might assign some, if not all these permissions, to an advanced role such as a Systems Administrator so that they have full control over functionality in Dalet Flex.
NOTE: Most of the Functionality permissions only apply to Flex Core. The main exceptions are the Switch Account & Workspace and Workspaces permissions, these also affect behavior in Flex MAM.
This table explains the different functions assigned when you give the permission by selecting the check box.
|This permission||Allows you to...||Additional information|
|Act As||Act as another user or to switch to a different account||See Acting as another User for more information.|
|Delete Locks||Manually delete a lock on an asset||
See the Locking section of the General Configuration for more information.
|Destroy||Hard delete an object using API||The destroy functionality is only available using API. An object deleted in Flex Core is not removed immediately from the database. It is marked with delete flag = true but remains in the interface until it is purged by the system|
|Downloads From UI||Download an asset from Flex Core||If you do not have this permission, the Download icon is not displayed in Assets in Flex Core.|
|Export||Export objects as XML files||You can export configurations of objects created in the Settings/Access tabs. If you do not have this permission, the Export icon is not displayed inside individual objects and is disabled when Bulk Actions is enabled. In addition, the Export option is not available in the More Actions list.|
|Global Search||Use Global Search||The Global Search field is displayed at the top right of Flex Core. This field is used to search asset types, players, tasks etc as displayed in the Results Filter list. If you do not have this permission the Global Search field is not displayed.|
|Import||Import objects as XML files||If you do not have this permission, the Import icon is not displayed at the top of the Results table in Flex Core.|
|Job Lock Releasing||Enable the release of asset locking if a job fails||By default when a job fails on an asset, the asset is locked. If you have this permission, the Release Lock on Failure checkbox is displayed when you create a job and you can select it to enable the release of asset locking when the job fails.|
|Manage All Workspaces||Edit membership of a workspace||If you are a member of a workspace, you can edit the membership of that workspace. If you are not a member of a workspace, you must have this permission to add/remove members to/from the workspace.|
|Manage Private Groups||Assign a private group to a Review session||A group can be defined as private. If you have this permission you can assign a private group you are a member of to a particular review session in Flex Core.|
|Manage Privileged Roles||Assign a privileged role to a user||A role can be defined as privileged. If you have this permission, when you assign a role to a user, the privileged roles will also be displayed and you can assign them to a user.|
|Manage Service User||Not currently applicable - can be ignored.|
|My Info||See your personal information||If you do not have this permission, the hyperlink with your name used to display your personal information is not available at the top right of Flex Core.|
|New||Create new objects in Flex Core||If you do not have this permission, the New drop down list is not displayed on the right of the Flex Core UI and the New icon is not displayed in the results table.|
|Saved Searches||Save a search query and its results in Flex Core||If you do not have this permission, the Save Search icon is not displayed when you run a search in Flex Core and you cannot save the search query and its results. Saved searches are displayed on the Desktop in Flex Core.|
|Share Saved Searches||Share a saved search||If you have this permission, you can share a saved search with Accounts, Workspaces or Groups.|
|Shortcuts||Create a shortcut in Flex Core||If you have this permission, you can create a shortcut to a object. The shortcuts are displayed on the Desktop.|
|Stop Review||Stop a review session||If you have this permission you can stop/unpublish a review session in Flex Core or Reviewer. Once a review is stopped, no more feedback or comments can be added to the review.|
|Switch Account & Workspace||Switch between all workspaces||If you have this permission, you can see objects in all workspaces and switch between the workspaces, even if you do not have Workspaces permissions. This permission also controls the workspace permissions in Flex MAM. See here for more information.|
|View All Review Comments||View comments of any user in Reviewer||If you do not have this permission, you can only view your own comments in Reviewer. This permission is not relevant for Flex Core.|
|Wizards||Run stand alone wizards in Flex Core||Some wizards are created as Stand-alone wizards and are displayed in the "I Want To" section on the Desktop. If you have this permission, you can see the "I Want To" section and can run stand alone wizards.|
|Workspaces||Use the Workspace drop down list to view and switch between your workspaces||If you have this permission, the Workspaces drop down list is displayed in Flex Core. This permission also controls the workspace permissions in Flex MAM. See here for more information.|
The Objects section controls the level of access to the different object types that exist in Dalet Flex.
- Configuration objects: Used to define the functionality of the platform, for example, Workflow Definitions and Actions
- Operational objects: The objects that flow through the system, for example, Workflow Instances and Jobs
- Asset objects: System created asset types, for example, Media Assets and Image Assets or custom asset types, such as a Used Defined Object Type (UDOT).
This table describes the access level that can be applied to each object.
|This permission||Allows you to…||Additional information|
|List||See a list of the object type||If you do not have this permission, you may be able to perform a search but you will not see the list of results. The object is also removed from the Settings and Access tabs in Flex Core.|
|Create||Create an object of this type|
|View||View details of an object of this type To use Edit, Rename, Enable, Disable, Start, Stop and Delete, you must have View rights. If you do not have View permissions, you cannot view the Details tab of the object and More Actions and Bulk Actions are not available.|
|Edit||Edit the details of an object of this type||The Edit icon is not displayed if you do not have this permission.|
|Enable||Enable an object of this type||Not all objects need to be enabled. The Enable icon is not displayed if you do not have this permission.|
|Disable||Disable an object of this type||Not all objects can be disabled. The Disable icon is not displayed if you do not have this permission.|
|Delete||Delete an object of this type||To delete Assets, an action of Delete plugin type must exist for the account. If there is no action of this type, the Delete icon/command will not be available for assets even if you have delete permissions.|
|Start||Start an object of this type||Not all object types need to be started. The Start icon is not displayed if you do not have this permission.|
|Stop||Stop an object of this type||Not all object types can be stopped. The Stop icon is not displayed if you do not have this permission.|
|Reference||Access to use an object of this type||You must have visibility for the object type. If you have Visibility + reference permissions for an object you will be able to use the object, even if you do not have View or Edit permissions for it. For example, if you have visibility and reference permissions for Actions, the Action command icons are displayed in the power bar in an asset and you can use the Action even if you cannot view it in the Actions list.|
|Rename||Rename an object of this type||To use Rename permissions, you must have Edit permissions. If you do not have Rename permissions, you can edit properties of an object but you cannot rename it.|
|Approve||Approve/Unapprove an object of this type||This permission is only available for assets and UDOT objects. If you have this permission, the Approve/Unapprove icon is displayed in the Summary tab of assets and can be used to add comments to the asset.|
|Manage acl||Manage access permissions for assets of this type||This permission allows you to share assets in a workspace to a user that is not a member of the workspace. In Flex Core, you must also create an action of Permission plugin type to be able to share assets. See here to learn about managing access permissions for specific assets. The Manage acl permission is not required for collections in FlexMAM, the owner of a collection can always share the collection.|
The User Interface section control access to elements of Flex Core and FlexMAM. If the element is selected, it can be accessed, if it is not selected it is hidden and access to it is disabled. You use these permissions to display only UI elements relevant to a user so that the interface is clearer. There may be some User Interface elements that you want a user to see, and others you do not depending on their role in the company. Apart from administrators, it is unlikely that any role can see all elements of the user interface.
This table describes which parts of the interface are controlled by this permission.
|In this area||This option||Displays/Hides the…|
|Access Section||Search||Access tab in Flex Core|
|Admin Section||Metadata Updates||Metadata Updates option in the Admin tab|
|System Properties||System Properties option in the Admin tab|
|Upload Custom Files||Upload Custom Files option in the Admin tab|
|Assets Section||Search||Search Assets box and disables the ability to use the Advanced Search for Assets. It also removes the links to assets in the Asset Summary table.|
|Trash Bin||Trash Bin option on the Desktop|
|View Technical Details||File tab in an asset. This tab displays the technical details of the asset.|
|Desktop Section||Events||Events option on the Desktop|
|System Summary||System Summary option on the Desktop|
|Upload||Upload option on the Desktop used to access Flex Move|
|Web Upload||Web Upload option on the Desktop used to perform a default ingest action|
|Flex Media Platform||View User Management||Admin icon in FlexMAM and disables access to the User Management app|
|Flex Reviewer||Release Exclusive Review||The Release button in Reviewer to release an exclusive review from the user it is currently assigned to. An exclusive review can only be reviewed by one user at a time.|
|Set Review Priority||Set the priority of a review session in Reviewer|
|Jobs Section||Failed Jobs||“There are failed jobs” link on the Desktop to view failed jobs is disabled|
|Search||Search Jobs box and disables the ability to use the Advanced Search for Jobs. It also removes the links to jobs in the Jobs Summary table.|
|Players Section||Search||Players tab on the Desktop|
|Resources Section||Manage||Resources tab on the Desktop|
|Settings Section||Search||Search Settings box|
|Theme||Theme option in the Settings tab|
|Variants||Variants option in the Settings tab and the Types section in Metadata Designer|
|Tasks Section||My Tasks||My Tasks option on the Desktop that is displayed when you select the Tasks tab|
|Search||Advanced Search option is disabled in the Tasks tab|
|Workflows Section||Failed Workflows||“There are failed workflows” link on the Desktop to view failed workflows is disabled|
|Search||Search Workflows box and disables the ability to use the Advanced Search for Workflows. It also removes the links to workflows in the Workflows Summary table.|
When an account is created, a default role is created for the account without any permissions. Whenever you create a new role, you must assign permissions to that role.
To assign permissions:
In the Role Details screen open the Permissions tab .
Each section contains relevant objects or functionalities. For example, in the Objects section, there is a row for different object types in Dalet Flex, such as accounts, actions, event handlers, media assets, workspaces and so on.
A row containing permission checkboxes for any custom objects that you have created is also displayed. In the example below,
a row is displayed providing permissions options for a custom object type called Episode.
Select individual check boxes in each row to select the specific permissions for a role.
Alternatively, if you want to assign all the permissions in a particular row, click the All check box located to the right of the row.
Applying a Role to a User or a Group
Once you have configured the permissions for a role, you can assign the role to a user or to a group.
To apply a role to a new or existing user or group
- In the Details section of a user or group, click Edit.
- Click the Role drop down menu.
- Select your desired role from the list to apply it to the user (or group).
- Click Save.
These are some examples of sample roles in a company that demonstrate the flexibility of permissions in Dalet Flex are.
An Administrator doesn't necessarily mean that the role is technical in nature. In some organisations there are different types of administrators depending on the industry, such as a User Administrator and a System Administrator.
In this case we will use the example of a User Administrator. The User Administrator will only be able to work with things in Dalet Flex that can be owned such as objects, however they will not have access to anything that will make changes to the system. Anything system related will be left in the hands of a System Administrator who will have the correct permissions.
For example, the User Administrator can:
- Upload, manage, publish, and delete files
- Create and delete users
- Add and remove users from groups
- Create and delete user groups
But the User Administrator cannot:
- Make changes to workflows
- Make changes to metadata schema
- Create or edit roles
- Add or remove permissions from roles (including their own role)
In many different industries a Producer is somebody who produces content, but hands over the responsibility of editing the content to somebody else, such as an Editor. In this example the Producer purely produces the content.
The Producer can:
- Create content to be uploaded
- Upload content that they have created
- Delete content that they have created
- View content that they have uploaded
The Producer cannot:
- Edit the content they have uploaded
An Editor is someone who has permissions to use content that has been uploaded, but will not
be able to create or delete content. They will only be able to work with pre-existing content. A Producer will probably upload the content they have produced, and the Editor will begin editing it.
The Editor can:
- View pre-existing content
- Edit pre-existing content
The Editor cannot:
- Upload content to Dalet Flex
- Delete Content from Dalet Flex
A Viewer is an example of someone who has very limited permissions. They will only be able to search for and view
content that has been uploaded and edited.
The viewer can:
- Search for content that has been uploaded
- View content in lists and search results
- Play content such as Media Assets
The viewer cannot:
- Upload content to Dalet Flex
- Make changes to pre-existing content
- Delete content