Using Roles and Permissions

The actions you can perform against the MediaSilo API are the same as the actions you can perform in the MediaSilo app. User permissions can be changed in the app’s Administration section.

A user of type Administrator has access to all projects and all actions within the workspace. This access is implied and does not need to be specified for each project. However, users of type Manager and User must be assigned to projects with specific roles. These users can only access projects they belong to, and they can only perform an action that their role grants them permission to do.

Types

There are three user types in the MediaSilo platform:

1. Administrator

An administrator has access to everything in the system, including all projects, file sharing, user management, analytics, etc.

2. Manager

A manager is allowed to create projects. A manager automatically becomes a project owner of any project they create. As a project owner, the manager can invite users to the project, modify a user’s permissions in their project (without affecting other projects), and remove users from their project.

3. User

A user only has the permissions granted to them by the administrator or project owner who assigns them to a project.

Roles

A manager or user is assigned a role on a project. A role consists of permissions, such as the permission to upload files and the permission to share files externally. A role can be one of the default roles that come with every MediaSilo account, or a custom role that is configured by an administrator.

Default roles include Uploader, Asset Manager, Internal Collaborator, and Public Collaborator. The role of Project Owner cannot be modified or deleted. A project owner can perform any action in their project and has the ability to manage the project’s team and settings.

A custom role can consist of any of the eight permissions in MediaSilo. Once a custom role is assigned to a user, that user will be granted the permissions defined in the custom role. Giving a user a custom role in Project A will have no affect on their permissions in Project B.

Permissions

There are 8 permissions in MediaSilo that determine what users can do with assets:

View

This is the basic permission for interacting with files in MediaSilo. This allows read-only access to files without allowing users to modify or upload files.

Delete

This permission determines who can delete files, including the folders that may contain them.

Download

This permission determines who can download files from a project. If a user has permission to share files in a Review Link, then download permission is required to allow downloading in the link settings.

Commenting

This permission determines who can view and make comments on a file in Review Mode. This includes a user’s ability to edit and delete their own comments. If a user has permission to share files in a Review Link, then commenting permission is required to enable feedback in the link settings.

Edit

This permission determines who can modify files, including tags, metadata, and file versions.

Upload

This permission determines who can create new files in MediaSilo.

External Sharing

This permission determines who can share files publicly. This applies to individual file sharing, folder sharing, and playlist sharing.

Internal Sharing

This permission determines who can share files with named users in your workspace. This applies to individual file sharing, folder sharing, and playlist sharing. Users with external sharing permission also have internal sharing permission.

Delegation of User Responsibilities

MediaSilo scales from small independent teams to enterprises with thousands of users. What makes this work is the concept of delegation of responsibilities. To understand how this works, let's consider a few examples:

Small Team (1-20): A 15-person post-house may assign one person to be the "go-to" MediaSilo administrator. That person is responsible for creating accounts and projects. The remaining team members are regular users in the system with different permissions assigned on a project level.

Medium Team (21-50): In addition to a central administrator, trusted managers are given the permissions to create new projects and invite users as needed. The administrator creates global permissions that project owners can use to assign to users. This could include "Producer," "Press," "Contributor," or "Reviewer" roles. In this hybrid scenario, both administrators and managers maintain users, projects, and media.

Large Team (50+): In larger teams, the central administrator role can become overwhelming. Creating projects, assigning users, and creating and managing user accounts can quickly turn into a time-consuming job. In this scenario, trusted managers are given full responsibility over projects and users who can view media contained in those projects. A project can have multiple project owners, which ensures that projects can be maintained even if the original project manager has moved on.

🚧

Scoping

It is important to understand that all media is restricted by projects. Project owners who invite external users can only share media in the projects to which they have access. This ensures that a project owner on Project A cannot access media in Project B unless they were explicitly added to Project B. Furthermore, project owners can only invite users to projects they created themselves or projects they were assigned ownership of.