This feature is only available in Daminion Team Server versions.
Access control allows you to restrict access to files for specific users and groups. Unlike user roles which maintain user access on the catalog level, access control allows you to specify set up access permissions on the file level.
Starting with Daminion 6.7, this option can be activated both in the desktop client and web client.
Access Control with Daminion Server Authentication scheme and Active Directory Users Authentication scheme
How to set up Access Control to specific files for one user
Note: everyone from the “Administrator” group has access to all files in the catalog regardless of the access control settings set on those files.
Log in to the catalog as an administrator and select the file(s) on which you wish to set access permissions.
In the example below, we need to provide access to files with the Coastal style for the user “Anna”.
To do this, select all necessary files in the thumbnail area, then from the Item Menu select “Set Access Permissions”.
In the window that opens, click the dropdown list and select a user who should have access to the selected files. In our case, it’s a user “Anna”. Now, only “Anna” and administrators will be able to see the files with the tag “Style: Tropical”.
If the group of users has been created, it will also be displayed on this list, and you can assign the selection to the group. Keep on reading to learn how to create an Access Control Group.
Note: Access permissions apply only to individual files. If you add new files to the tag “Style: Tropical”, these files will be visible to all users by default and you will need to manually set access permissions to them.
How to set up Access Control to a specific set of files for a group of users
Log into the catalog as administrator and click Catalog > Advanced Settings > Access Control.
A new tag “Access control” will be displayed in the Tags panel.
Right-click the Access Control header and select “Add Group”.
In the window that opens, specify a name for the group. In our case, it is “Daminion power users from Marketing and Creative teams”.
A new tag will be added under the header “Access control”.
Now, add users to the newly created group. To do this, right-click the tag “Daminion power users from Marketing and Creative teams” and select “Edit Group”.
In the window that opens, add users to the group. In our case, the users are Anna, Brian, Carlos, and Camilla.
Now, specify which files should be seen only by the members of this group, in our case, these are the files from the category “Current Restaurant Project”. Display the files in the thumbnail area, select the files and drag and drop them to the tag “Daminion power users from Marketing and Creative teams”.
The 12 files in the “Current design project” category are now only visible to the members of the “Daminion power users from Marketing and Creative teams” Access control group, as well as Daminion administrators.
Now, if we connect as a user who is neither a member of the group nor an admin (e.g. Chris), these 12 files will be hidden and inaccessible.
Important to remember:
Access control applies only to individual files. If you add new files to the Category “Current Restaurant Project”, these files will be visible to all users by default and you will need to manually set access permissions to them.
How to set up access control for Active Directory Groups Authentication scheme
Please note: this feature is only available in Daminion Team Server version 6.0 and higher.
Start off by mapping Active Directory groups with Daminion Users role. Visit this page to learn more about the process.
In our example, Daminion Admins is the general AD group mapped to the user role “Admin”.
To set up Access control for AD groups on the file level, first, open the Daminion Server Administration panel, then select “Catalogs” and double-click the catalog where you want to activate this option.
The “Catalog Settings” dialog window will open. From there, click the “Access Control” tab and add the access control groups here. These groups can either be general Access Control groups that are mapped to user roles or new AD groups.
These are the members of the selected group:
The AD group “Daminion power users from Marketing and Creative teams” is not directly mapped to Daminion User roles, but its members are also members of another group that is mapped to Daminion user roles.
Once the group is added in the settings of the catalog, Daminion Server will automatically restart.
After that, open the Daminion catalog and display the Access Control tag via Catalog > Advanced Settings > Access Control. The available groups will be listed. To assign the files to the groups, select the files in the thumbnails area and drag and drop them onto a group.
The 12 files in the “Current Restaurant project” category are now only visible to the members of the “Daminion power users from Marketing and Creative teams” Access control group, as well as Daminion administrators.
Now, if we connect as a user who is neither a member of the group nor an admin (e.g. [email protected]), these 12 files will be hidden and inaccessible.
Alternatively, you can activate Access Control on Folders Level which will pick up access permissions according to ACL (Access Control List) defined by your file system.