Workflow Permissions - By group?

Hello,

I've been through the documentation and it seems that folders can be protected via group/user security but when it comes to workflows and collections, it appears that it can only be a "owner all" type of security or a "everyone something". And by something I mean view, edit, change and what not.

Is there any way to have this by group or by users? We have a requirement where some people are allowed to perform certain actions while others are not and it seems the current security model cannot accommodate that. Did I miss something in the documentation?

Thank you,

-Z

Find more posts tagged with

Comments

rmedida

Please refer to the Security.xml file in ...\MediaBin Server\Config Files\ folder to set the permissions for Users and Groups on Collections and Workflow actions.

rmedida

Modifications to this Security.xml file should be proper and MB Server service restart is needed for changes to take effect.

If this .xml file is not properly formatted, MB Server will not startup.

Migrateduser_427

Note: you must specify each group you want, meaning this is hardcoded (called Security Templates). There is not the function to do a domain group/user lookup like at the folder permission level.

If you would like domain group/user look up rather than hardcoded 'Security Templates' I suggest you open a feature request ticket with HP support. I have also made a request for the same.

IMO, these security templates actually hinder the permission management, forcing system admins to keep updating as required. It also means the list of security templates could get very long and general asset admins and users might not know which selection to make when setting a permission template for a Collection/Saved Search.

zipper

Thanks a million Ravi. That worked like a charm.

zipper

smbrown wrote:
Note: you must specify each group you want, meaning this is hardcoded (called Security Templates). There is not the function to do a domain group/user lookup like at the folder permission level.

If you would like domain group/user look up rather than hardcoded 'Security Templates' I suggest you open a feature request ticket with HP support. I have also made a request for the same.

IMO, these security templates actually hinder the permission management, forcing system admins to keep updating as required. It also means the list of security templates could get very long and general asset admins and users might not know which selection to make when setting a permission template for a Collection/Saved Search.

That last part is exactly what I though. It means you need production level server access to create/manage security which is a bit of a hindrance but at least there is something.

On another note, I am working on a proof of concept and do not have a slew of domain accounts to use so in terms of the folder security, we have to leave everything open to everyone because I can't lock down on the local users/groups that I have created (it requires a domain). Have you found a way to add local users/groups?

Thanks for the info and is there a way to support your feature request or do we have to create a new one to support it?

Migrateduser_427

zipper wrote:
On another note, ... Have you found a way to add local users/groups?

We don't use local users or groups. Not sure if this would work, try using the local server host name inplace of the domain. Example: serverhostname\zipper.

zipper wrote:
Thanks for the info and is there a way to support your feature request or do we have to create a new one to support it?

Not sure if you can link them, but you can reffer to the request I submited: Enhancement # MB-10262 around Dec 08, 2012