Skip to main content
All CollectionsFor CORE AdminsUsers: Manage User Roles
User Roles: How to Create User Roles
User Roles: How to Create User Roles
Updated over a year ago

In this article:


Before Creating New User Roles

Find below a few tips and insights to help you better plan and prepare for User Role creation in CORE.

Naming Conventions Tips

Use a convention that can be applied consistently across projects. For instance:

  • Start each Role with the name of a project, business group or workflow that is most appropriate for your needs.

  • Use numbers for easy identification of role type or complexity.

    • If you know that every project has seven roles, scale them from 01 to 07 with 01 being the most basic user with limited access and 07 as your Admin.

  • Use keywords that indicate the role type, such as Inbox Only, Upload, Download, Distribution, etc.

  • Examples:

    • PROJECT A_01_Inbox Only

    • PROJECT B_01m_Inbox_Mobile Only

    • BUSINESS GRP_03_Upload-Download

    • BUSINESS GRP_05_Package Mgr_Distro

    • SYSTEM_07_Admin

    • Production Name_Dept_Inbox Uploader

    • Template_Team Admin

Craft User Role Templates

Templates save you time.

Create a template for each role type you’ve identified. Name them Template_Role Name, so all of your Admins and users with role access can save these roles to their own template folders.

Go to How to Create User Role Templates for more specific instructions.


Create a New User Role: A Step-By-Step Guide

Creating a User Role is done in multiple parts:

Screenshot_2022-07-29_at_18.02.33_copy.png
  • Step 1: You must first create the basic user role in the Role Info tab

  • Step 2: If any, add Viewer Access Rules

  • Step 3: If any, add Edit Access Rules

  • Step 4: Finally, you create User Access Rules Some users will also manage your company’s Projection Room App. In that case, there is a Step 5.

To create a new User Role:

Screenshot_2022-07-29_at_18.02.33_copy_2.png
  1. Navigate to the Users module

  2. Click User Roles.

  3. Click New User Role

  4. Add basic User Role info in the Role Info tab

  5. Click the Save Changes button to save your User Role. Important step! :)

Step 1: Add Basic User Role Info

For a detailed outline of what each of these features does, go to User Roles: An Overview of User Role Features.

Screenshot_2022-07-29_at_18.04.16.png
  1. Start by entering the User Role name.

  2. Choose what Domains they can access when uploading, tagging, and editing tags on files. If the user can't upload, leave it defaulted to ALL

    • NOTE: The Domain defines what tags a user can select from when tagging files. These are typically organised by production / project type or business organisation.

  3. Choose what Package Types they can share. Default is ALL.

  4. Choose what view or downloading permissions they can give on a package share. Default is ALL

    Screenshot_2022-07-29_at_18.04.48.png
  5. Unless specifically an Admin or Coordinator, select Standard on User Access Level.

  6. The default package share type is a Standard package. Choose a different package type if desired.

  7. For Redirect on Login, choose Inbox, File Search, or the Dashboard for where they land after logging in.

  8. If your role isn't using SSO, choose whether or not they should have MFA.

  9. Choose what or if the users can download

  10. Disregard the Watermark Strategy unless directed to change to Burn in.

  11. If this role is for a company subdivision requiring its users to have their own logo in CORE, select from provided logos.

  12. Choose if a user can tag files or skip and share (Quick Share) files without tags.

  13. If your system has a Dashboard, choose your dashboard type. We recommend the Package dashboard.

  14. Extend your users logout time in minutes. Most clients extend this between an hour and a day, depending on their security requirements.

  15. Next select from any Admin Controls

    1. These settings are really geared toward your team admins and asset managers who need to have troubleshooting capabilities and the ability to add new roles to the team

  16. Followed by User Controls

    1. Box access and Uploader are the most commonly selected options here

  17. Choose the Package Controls

  18. Provide Device access

    Screen_Shot_2022-07-30_at_8.36.06_AM.png
  19. Finally, if the role can share packages and you want to narrow down what statuses they can request on Approval Packages, choose the options here

Almost there, but not quite done yet. We have a few more steps.

  1. Scroll down below all the checkboxes of control options.

  2. If you selected Role Manager, the roles you can choose from will appear there. Select what roles this user role can manage.

    Screen_Shot_2022-07-30_at_8.48.51_AM.png
  3. If this user role can upload, select what productions the role can upload to.

    Screen_Shot_2022-07-30_at_8.47.35_AM.png
  4. Finally, select the watermarks for the role as needed.

Screenshot_2022-07-29_at_18.07.59.png

SAVE THE ROLE 🙂

Screen_Shot_2022-07-30_at_8.51.07_AM.png

Now your role has officially been created. However, there are additional access rules that may be required.

CORE Tip: Create a standardized naming convention for your User Roles based on the general user types you will need for each of your projects or divisions. This way you can save roles as a template, and reuse them by simply changing the name of the User Role to the current project, etc. Make the names descriptive enough so you know what they include, or maintain a chart of your different role types that you create.

Your base role is created. You can now personalize the permissions and access based on the needs of the specific role. See examples below for steps to create specific user roles such as Department Admin, Viewer, and Uploader.

Steps 2 and 3: Add View and Edit Access Rules

We combined these two steps because the function of creating them is the same. The difference between the two rules is:

  • View access rules give users the ability to view the files defined in the rules

  • Edit access rules give users the ability to both view and edit the files defined in the rules

When building rules, it's good to understand the following:

  • Conditionals within a rule act as an AND, such as "this" AND "this" AND "this" etc. creating more specific access controls

  • Multiple rules within a role act as an OR, such as user can view "this" OR "this" OR "this".

So a user role can have as many rules as you want in order to create the view and edit controls you require. To create a rule:

User_Roles_example_view_access_rule.png
  1. Go to either the View or Edit Access Rules tab

  2. Select +Add Rule

  3. Name the rule.

    1. We recommend something simple and clear, as well as repeatable if you're using a role as a template. Examples: View Rule; View Other Productions Rule; View Approved Files By Project; Edit Rule for Department.

  4. Select what Tag Type you'll be choosing from. This is defined by Domain, like Film or TV.

  5. Select the tags that make up your rule.

    1. Examples: Production; Department; or Status

  6. Select the condition of the tag and it's defining values such as:

    1. Production IS ALL; Production IS Project A; or, Production IS Project A, Project B, Project L

    2. Department IS Editorial

    3. Status IS Approved

  7. Choose whether or not to give additional file permissions

    1. View History panel

    2. View Access panel

    3. Email on Ingest

  8. Add another rule as needed.

  9. Before you leave the View Access tab or the Edit Access tab, select the Save button at the bottom

    1. If you move to a different tab before you save, your changes will not save.

Step 4: Add User Access Rule

This one's important. It enables users to see and share with other users in the system. If you don't add this rule, the users in the role will see only themselves.

User_Roles_Example_user_access_rules.png
  1. Go to User Access Rules tab

  2. Select +Add Rule

  3. Name the rule.

    1. We recommend something simple and clear, as well as repeatable if you're using a role as a template. Examples: View Users; View Production Users; View Company Users, etc.

  4. Select if you want the users to be able to:

    1. View the users

    2. Edit the users

    3. Access Sensitive users within the scope of the rule (hidden users - usually VIPs and celebrity types)

  5. Select the tags that make up your rule.

  6. Select the condition of the tag and it's defining values such as:

    1. Company IS Company Name

    2. Department IS Department Name

    3. Production IS Production Name

  7. Add another rule as needed.

  8. Before you leave the tab, select the Save button at the bottom

    1. If you move to a different tab before you save, your changes will not save.

Congratulations, you've successfully created a user role! See below for some examples of different user roles.


User Role Examples

Example 1: Department Admin

The Department Admin will have the basic Permissions of a Standard User with additional access added to allow them to have Admin permissions for a specific department and production only.

Step 1: Create a new role and assign the new Role a name by entering it under User Role Name. For our department admin, we will name the role NoobAdventures_07_Editorial_ADMIN.

  1. Click on the Users tab on the left panel.

  2. Click User Roles.

  3. Click + User Role.

    Screenshot_2022-07-29_at_18.02.33_copy_2.png

Step 2: Assign the specific settings in Role info. In our example, the Editorial Admin:

Screenshot_2022-07-30_at_11.03.15.png
  1. Has access to the All Domains.

  2. Can share all package types.

  3. Can share packages to be downloaded with a watermark or without a watermark if the specific user has that permission based on their role.

    Screenshot_2022-07-30_at_11.03.31.png
  4. Since our Editorial Admin will not be an Admin for the entire CORE app, we will assign The User Access Level as Standard User. (We will add additional access later by adding Access Rules to the role.)

    Screenshot_2022-07-30_at_11.03.43.png
  5. Users with this role will have the ability to Create Users and Upload Assets for the department and production they have access to (we will specify which Department and Production our Editorial Admin has access to later).

  6. Users under this role will be able to view Package Reports.

  7. This role allows its users to access CORE from the mobile and AppleTV apps in addition to the Desktop version.

  8. In the Roles Restriction section, you control what roles you can choose when you create new users. In our example below, the Editorial Admin can create new users with the Asset Uploader or Asset Viewer roles.

    Screenshot_2022-07-30_at_11.03.58.png

9. Under Production, we can assign which Productions the Users in this role have access to. In this example, the Editorial Admin will only have access to -Comic Book Library production. Click on any additional productions to add more.

Screenshot_2022-07-30_at_11.04.13.png

10. Under the Watermark section, assign the watermark style that the Editorial Admin will see when they view video, image or PDF document. In our example, we chose the standard watermark styles.

Screenshot_2022-07-29_at_18.07.59.png

Step 3: Create a ViewAccess Rule that gives the Editorial Admin access to the approved assets on their production.

Screenshot_2022-07-30_at_11.14.40.png

To ensure the Editorial Admin only has access to the Editorial Department, we need to create an Edit Access Rule. To do so click:

  1. View Access Rules

  2. Click on +Add Rule, name the rule (in this case View Access)

  3. Choose your Tag Type (Example TV Domain)

  4. Add Production

    1. Choose Conditional value, in this case, we want the Editorial Admin to have access to the. Click the IS option and then choose Editorial.

  5. Then scroll down in the tags list and select Status

    1. Choose the conditional options IS and Approved.

  6. Select the checkbox for the View History Panel. If checkbox is selected, allows members of this role to have access to the asset history panel in the asset viewer. Asset history panel lists all the history/activity on an asset - who has uploaded, downloaded, viewed, edited, reprocessed, etc. this asset.

  7. Select the checkbox for the View Access Panel. If checkbox is selected, allows members of this role to have access to the File Access panel in the asset viewer. The File Access panel lists all of the Users who have access to an asset.

  8. Click on the Save Changes button to save your rule.

NOTE: We are not selecting Email on Ingest checkbox for our Editorial Admin rule example here. But the Email on Ingest option, if checked, will send email notifications to members of this role every time an asset matching the access rule parameters is ingested into CORE.

Step 4: We also want our Editorial Admin to have the permission to not just view approved production assets but also edit and manage the assets for the Editorial Team. We need to create an Access Rule that allows the Editorial Admin to edit assets in the Editorial Department only.

Screenshot_2022-07-30_at_11.19.37.png

To ensure the Editorial Admin has permission to only edit assets for the Editorial Department, we need to create an Edit Access Rule. To do so, click:

  1. Edit Access Rules

  2. Click on +Add Rule, name the rule (in this case NoobAdven_edit)

  3. Choose your Tag Type (Example TV domain)

  4. Choose Production under Structure

  5. Add the conditional value of IS and then select clouds for the production, so they can see their teammates on their production.

  6. Then, choose Department under Structure.

  7. Choose Conditional value IS and then choose Editorial in the dropdown list.

  8. Click on the Save Changes button to save your rule.

Step 5: Add your User Access Rule so your uploader can share their files with other users.

Screenshot_2022-07-30_at_12.57.22.png
  1. User Access Rules

  2. Click on +Add Rule, name the rule (in this case Coordinator Default)

  3. Choose Production under User Associations

  4. Add the conditional value of IS and then select clouds for the production, so they can see their teammates on their production.

Screenshot_2022-07-30_at_13.42.34.png

Example 2: Viewer

The Viewer Role gives users permission to view assets within a particular production (no uploading, downloading or sharing options).

Step 1: Create a new role and assign the new Role a name by entering it under User Role Name. For our viewer role, we will call it KornFerry_Viewer.

  1. Click on the Users tab on the left panel.

  2. Click User Roles.

  3. Click + User Role.

Screenshot_2022-07-30_at_13.11.02.png

Step 2: Assign the specific settings in Role info. In our example, the KornFerry_Viewer:

  1. Has access to the Film Domain.

  2. Can share all package types.

  3. We will set the Package share download options to Recipient Settings. That way the package can be shared with a watermark or without a watermark if the specific user has that permission based on their role.

    Screenshot_2022-07-30_at_13.11.55.png
  4. Our KornFerry_Viewer should not have any Admin permissions so we will assign the User Access Level as Standard User.

  5. The KornFerry_Viewer should not have the ability to download any assets, so we will choose None under Save Access level.

  6. The users with this role will not be responsible for Categorising or sharing assets, so we choose None for Categorisation Type.

  7. The only additional permission we want to give this viewer role is the ability to also view assets on all devices: AppleTV, Mobile (iOS), and Desktop. Under Device, choose All to accomplish this.

  8. Our KornFerry_Viewer should only have access to see other users in Kung Ferry production. We will choose Korn Ferry under Production.

Screenshot_2022-07-30_at_13.12.43.png

9. Under the watermarks section, assign the watermark style that the KornFerry_Viewer will see. In our example, we will assign the Secure watermark to be shown for images, ScriptStyle for PDFs, and Low Center Light for video.

Screenshot_2022-07-30_at_13.13.20.png

Step 3: Create an Access Rule that gives the Viewer access to only the project.

Screenshot_2022-07-30_at_13.25.26.png

To ensure that the KornFerry_Viewer only has access to the Korn Ferry project we need to create an Access Rule. To do so click:

  1. View Access Rules

  2. Click on +Add Rule, name the rule (in this case KornFerry_viewer)

  3. Choose your Tag Type (Example TV as the Domain)

  4. Choose Production under the Structure

  5. Choose Conditional value, in this case, we want the viewer to see the Kung Fu This!. Click the IS option and then choose Production Korn Ferry in the pull down menu.

  6. Select Save Changes button to save your rule.


Example 3: Uploader Role

The Uploader Role gives users permission to upload and share assets within a particular production (no downloading options).

Step 1: Create a new role and assign the new Role a name by entering it under User Role Name. For our production uploader, we will name the role AirTheMovie_Uploader.

  1. Click on the Users tab on the left panel.

  2. Click User Roles.

  3. Click + NewUser Role

Screenshot_2022-07-30_at_13.35.16.png

Step 2: Assign the specific settings in Role info. In our example, the AirTheMovie_Uploader:

  1. Has access to the Film Domain.

  2. Can share all package types.

  3. We will set the Package share download options to ALL.

    Screenshot_2022-07-30_at_13.35.28.png
  4. Our AirTheMovie_Uploader should not have Admin permissions so we will assign the User Access Level as Standard User.

  5. The AirTheMovie_Uploader should not have the ability to download any assets, so we will choose None under Save Access level.

  6. The users with this role will not be responsible for Categorising or sharing assets, so we choose None for Categorisation Type.

  7. The AirTheMovie_Uploader should have the ability to upload assets, so we will check the Upload Assets box in the User section to allow this permission.

  8. The Uploader role only needs to access the Desktop so we will choose that option.

  9. Our AirTheMovie_Uploader should only have access to see other users in the Air the Movie Project. We will choose air the Movie under Production.

Screenshot_2022-07-30_at_13.32.21.png

10. Under the watermarks section, assign the watermark style that the AirTheMovie_Uploader will see. In our example, we will assign the Secure watermark to be shown for images, ScriptStyle for PDFs and Low Center Light for video.

Screenshot_2022-07-30_at_13.13.20.png

Step 3: Create an Access Rule that gives the AirMovie_uploader access to the Air the Movie project only.

Screenshot_2022-07-30_at_13.37.43.png

To ensure that the Uploader only has access to their project, we need to create an Access Rule. To do so click:

  1. View Access Rules

  2. Click on +Add Rule

  3. Choose your Tag Type (Example Film Domain)

  4. Choose Production under Structure

  5. Choose Conditional value, in this case, we want the AirMovie_uploader to have access to the Air the Movie production. Click the IS option and then Air the Movie from the pull-down menu.

  6. Save Changes

Step 4: Add your User Access Rule so your uploader can share their files with other users.

Screenshot_2022-07-30_at_13.40.03.png
  1. User Access Rules

  2. Click on +Add Rule, name the rule (in this case Coordinator Default)

  3. Choose Production under User Associations

  4. Add the conditional value of IS and then select Air The Movie for the production, so they can see their teammates on their production.

Did this answer your question?