Knowledge Base

Set Permissions on a Metaproperty Option Level

Apart from defining permissions on the permission profile level, you can set permissions for specific metaproperty options. In this way, you can decide, for example, to hide specific assets that have been tagged with the selected metaproperty options from users, who normally have the right to view, edit, and/or remove assets in their portal. You can also decide that specific users or user groups should not have the possibility to tag an asset with the selected metaproperty option when they edit or upload assets.

How to Set Permissions on a Metaproperty Option Level

Follow our walkthrough below, which will take you through all the steps to set up permissions on a metaproperty option level or follow the steps below.

  1. Go to settings-icon.pngSettings > Taxonomy > Metaproperties management.

    Tip

    Use the search bar in the right top corner to search for specific metaproperty options. Enter the name or label of the option you’re looking for and click Search. Click Reset to show all options again.

  2. Click the Screen Shot 2016-11-23 at 15.50.31.png icon next to view the options of this metaproperty.

  3. To edit access for a metaproperty option, click theScreen Shot 2016-11-23 at 15.50.22.png icon for the selected metaproperty option.

  4. Select the right security access option.

Conflicting Metaproperty Option Level Permissions

Are you not sure if with the metaproperty option level permissions that are in place users can view, edit, remove or audit assets? Follow the walkthrough below to have a better understanding of how (conflicting) metaproperty option permissions work and what exceptions need to be taken in consideration or see the explanation and examples below. Use the Asset Permission Viewer instead if you want to analyze the metaproprty option permissions on an asset level.

Assets can be tagged with multiple metaproperty options for which permissions are set up. To avoid conflicts and security concerns at all times the default portal configuration requires users to have all the necessary permissions in order to view, edit and/or remove the asset for which the various permissions have been set up. The same applies to auditing download and upload requests for assets that are tagged with multiple metaproperty options that all have individual auditing permissions set up. Auditors will need to have all the necessary permissions in order to audit this type of requests.

For example, the asset below is tagged with the metaproperty options North America and Legal Access Level 5. For both options restrictions are in place. The user group North America - Designers is allowed to view assets tagged with the option North America, but is not allowed to see media tagged with the option Legal Access Level 5.

In this case there is a metaproperty option permission conflict and the default portal setup will not allow the user group to view the asset. The same logic would apply to other permissions.

asset_permission_conflict.png
Assets Tagged With Multiple Hide by Default Metaproperty Options

Do you have an asset tagged with multiple metaproperty options that belong to the same metaproperty with different access restrictions? In certain use cases you may prefer that when users don't have all the necessary permissions for each option they can still view the asset. We can configure the portal in a way that having only one out of all the necessary permissions is enough to perform the corresponding action. In the example below the user group Only Access To Europe would then be able to view the asset.

Note

The Hide media from this option overrules any other permission/restriction that is set for a different option within the same metaproperty, which means users won't be able to view, edit and remove the asset.

asset_permission_conflict2.png
Assets Tagged With Hide by Default and No Restrictions Metaproperty Options

By default, assets tagged with hide by default metaproperty options and options with no access restrictions belonging to the same metaproperty are not visible to users. If you don't want this standard behavior the optional configuration can be a solution.

In the below example an asset is tagged with the Level 1 and No Restrictions options under the Access Level metaproperty. The Level 1 option is a hide by default metaproperty option. In the default setup this would mean that nobody can see this asset unless they are added as an exception to the Level 1 option. The No Restrictions option is not hidden by default. In the default setup having access to only one of the option determines that users cannot view the asset.

When the optional configuration is enabled the permission profiles, user groups and/or users who only have viewing rights for one of options can still view the asset. Additional configuration for the option(s) with no restrictions is necessary though otherwise the system cannot determine whether users should be able to view the asset or not. In the below example all users were given viewing rights for the No Restrictions option by enabling the Show media from this option right for all the available permission profiles.

hide_no_restrictions.png

Contact your Customer Success Manager if you would like to have this non-standard setup enabled for your portal or when you would like to double check which behaviour currently applies to your portal.

Did You Know?

Note

  • This optional configuration only applies to metaproperty options that belong to the same metaproperty.

  • This optional configuration does not work when other hide by default options have specific restrictions in place. If in the above example the option Africa would have been hidden specifically for the Only Access To Europe user group, users still wouldn't be able to view the asset.

  • The optional configuration can only be used for the Show media from this option and cannot be used for the hide, edit, audit and remove options.

  • Make sure to first analyze your current metaproperty option permissions in order to avoid any security risks or data breaches.

    Once this setting is enabled it will automatically apply to all assets. Depending on your metaproperty option permission setup, (sensitive) assets that were hidden to specific permissions profiles, user groups and/or users before can now become available to a larger user base.

Learn more