Using Roles and Permissions

The actions you can perform against the SHIFT API are the same as the actions you can perform in the SHIFT app. User permissions can be changed in the administration section of the SHIFT app.

A User of type Admin has access to all projects and all actions within the workspace. This access is implied, and does not need to be specified in each context.
However, all other types of user must be assigned to projects with specific roles. Users can only access projects they belong to, and can only perform the actions their role permits.

Roles

There are 4 roles in the SHIFT platform: Administrators, Project Owners, Users, and Custom Roles.

Administrators

Administrators have access to everything in the system, including billing, reports, and all resources (projects, sharing, users, etc.). Typically, you would reserve a separate login for an administrator and not use this account on a daily basis.

Project Owners

A user who has been granted the Project Owner role is allowed to create projects. They are allowed to perform any action in the projects they create.

Project Managers can create new projects and invite users to these projects. They can also modify the permissions of users in their projects without affecting other projects, and they can remove users from projects they manage.

Custom

Administrators can create custom roles and assign permissions to those roles. Once they grant a custom role to a user, that user will be granted the permissions defined in the custom role. Custom roles are scoped to projects. Giving a user a custom role in "Project A" will have no effect on their permissions in "Project B".

Users

Users have no permissions unless they are granted them by being assigned a custom role.

Permissions

There are 7 permissions in SHIFT that determine what users can do with assets.

View

This is the basic permission for interacting with files in SHIFT. It allows read-only access to files without allowing users to modify or create files.

Delete

This permission determines who can delete files in SHIFT, including the folders that may contain them.

Download

This permission determines who can export files from SHIFT.

Edit

This permission determines who can modify files including tags, comments, metadata, and file versions.

Upload

This permission determines who can create new files in SHIFT.

External Sharing

This permission determines who can share files publicly. This applies to individual file sharing, folder sharing, and playlist sharing.

Internal Sharing

This permission determines who can share files with named users in your workspace. This applies to individual file sharing, folder sharing, and playlist sharing. External sharing overrides this permission.

Delegation of User Responsibilities

SHIFT scales from small independent teams to enterprises with thousands of users. What makes this work is the concept of delegation of responsibilities. To understand how this works, let's consider a few examples:

Small Team (1-20): A 15-person post-house may assign one person to be the "go-to" SHIFT administrator. That person is responsible for creating accounts and projects. The remaining team members are regular users in the system with different permissions assigned on a project level.

Medium Team (21-50): In addition to a central administrator, trusted Project Managers are given the permissions to create new projects and invite users as needed. The administrator creates global permissions that Project Managers can assign to users. This could include "Producer", "Press", "Contributor", or "Reviewer" roles. In this hybrid scenario, both Administrators and Project Managers maintain users, projects, and media.

Large Team (50+): In larger teams, the central administrator role becomes overwhelming. Creating projects, assigning users, creating and managing user accounts can quickly turn into a time-consuming job. In this scenario, trusted Project Managers are given full responsibility over projects and users who can view media contained in those projects. A project can have multiple owners, which ensures that projects can be maintained even if the original project manager has moved on.


Scoping

It is important to understand that all media is restricted by projects. Project Managers who invite external users can only share media the Project Manager has access to. This ensures that Project Manager B on Project B cannot access media for Project A unless Project Manager B has been explicitly added to that project. Furthermore, Project Managers can only invite users to projects they created or are assigned ownership of.
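
The role and scoping rules above, modelled as a default-deny check with a small audit helper. This is an added example, not SHIFT's code or API: the `User` class, the function names and the sample users are hypothetical, and the "External sharing overrides" rule is not modelled.

```python
from dataclasses import dataclass, field

# The seven permission names listed on this page.
PERMISSIONS = frozenset({"View", "Delete", "Download", "Edit", "Upload",
                         "External Sharing", "Internal Sharing"})

@dataclass
class User:  # hypothetical model, not a SHIFT API object
    name: str
    is_admin: bool = False
    owned_projects: set = field(default_factory=set)   # created or assigned ownership
    project_roles: dict = field(default_factory=dict)  # project -> custom role name

def is_allowed(user, project, permission, custom_roles):
    """Default-deny decision for one (user, project, permission) triple."""
    if permission not in PERMISSIONS:
        raise ValueError(f"unknown permission: {permission}")
    if user.is_admin:                       # implied access to every project
        return True
    if project in user.owned_projects:      # owners may perform any action
        return True
    role = user.project_roles.get(project)  # a role applies only in its own project
    return permission in custom_roles.get(role, frozenset())

def can_invite(actor, project):
    """Only admins and the project's owners may invite users to it."""
    return actor.is_admin or project in actor.owned_projects

def who_can(permission, project, users, custom_roles):
    """Audit helper: names of users holding a permission in a project."""
    return sorted(u.name for u in users
                  if is_allowed(u, project, permission, custom_roles))

# Constructed sample data; the role names come from the page's examples,
# the permission sets given to them are assumptions.
CUSTOM_ROLES = {"Reviewer": frozenset({"View"}),
                "Contributor": frozenset({"View", "Upload", "Edit"}),
                "Press": frozenset({"View", "Download", "External Sharing"})}
admin = User("admin", is_admin=True)
pm_b = User("pm_b", owned_projects={"Project B"})
alice = User("alice", project_roles={"Project A": "Reviewer", "Project B": "Press"})
USERS = [admin, pm_b, alice]

if __name__ == "__main__":
    for project in ("Project A", "Project B"):
        print(project, who_can("External Sharing", project, USERS, CUSTOM_ROLES))
```

Running `who_can` for "External Sharing" across every project is a quick way to review who is able to publish media outside the workspace.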

