In this article:
Before Creating New User Roles
Find below a few tips and insights to help you better plan and prepare for User Role creation in CORE.
Naming Conventions Tips
Use a convention that can be applied consistently across projects. For instance:
Start each Role with the name of a project, business group or workflow that is most appropriate for your needs.
Use numbers for easy identification of role type or complexity.
If you know that every project has seven roles, scale them from 01 to 07 with 01 being the most basic user with limited access and 07 as your Admin.
Use keywords that indicate the role type, such as Inbox Only, Upload, Download, Distribution, etc.
Examples:
PROJECT A_01_Inbox Only
PROJECT B_01m_Inbox_Mobile Only
BUSINESS GRP_03_Upload-Download
BUSINESS GRP_05_Package Mgr_Distro
SYSTEM_07_Admin
Production Name_Dept_Inbox Uploader
Template_Team Admin
Craft User Role Templates
Templates save you time.
Create a template for each role type you’ve identified. Name them Template_Role Name, so all of your Admins and users with role access can save these roles to their own template folders.
Go to How to Create User Role Templates for more specific instructions.
Create a New User Role: A Step-By-Step Guide
Creating a User Role is done in multiple parts:
Step 1: You must first create the basic user role in the Role Info tab
Step 2: If any, add Viewer Access Rules
Step 3: If any, add Edit Access Rules
Step 4: Finally, you create User Access Rules Some users will also manage your company’s Projection Room App. In that case, there is a Step 5.
To create a new User Role:
Navigate to the Users module
Click User Roles.
Click New User Role
Add basic User Role info in the Role Info tab
Click the Save Changes button to save your User Role. Important step! :)
Step 1: Add Basic User Role Info
For a detailed outline of what each of these features does, go to User Roles: An Overview of User Role Features.
Start by entering the User Role name.
Choose what Domains they can access when uploading, tagging, and editing tags on files. If the user can't upload, leave it defaulted to ALL
NOTE: The Domain defines what tags a user can select from when tagging files. These are typically organised by production / project type or business organisation.
Choose what Package Types they can share. Default is ALL.
Choose what view or downloading permissions they can give on a package share. Default is ALL
Unless specifically an Admin or Coordinator, select Standard on User Access Level.
The default package share type is a Standard package. Choose a different package type if desired.
For Redirect on Login, choose Inbox, File Search, or the Dashboard for where they land after logging in.
If your role isn't using SSO, choose whether or not they should have MFA.
Choose what or if the users can download
Disregard the Watermark Strategy unless directed to change to Burn in.
If this role is for a company subdivision requiring its users to have their own logo in CORE, select from provided logos.
Choose if a user can tag files or skip and share (Quick Share) files without tags.
If your system has a Dashboard, choose your dashboard type. We recommend the Package dashboard.
Extend your users logout time in minutes. Most clients extend this between an hour and a day, depending on their security requirements.
Next select from any Admin Controls
These settings are really geared toward your team admins and asset managers who need to have troubleshooting capabilities and the ability to add new roles to the team
Followed by User Controls
Box access and Uploader are the most commonly selected options here
Choose the Package Controls
Provide Device access
Finally, if the role can share packages and you want to narrow down what statuses they can request on Approval Packages, choose the options here
Almost there, but not quite done yet. We have a few more steps.
Scroll down below all the checkboxes of control options.
If you selected Role Manager, the roles you can choose from will appear there. Select what roles this user role can manage.
If this user role can upload, select what productions the role can upload to.
Finally, select the watermarks for the role as needed.
SAVE THE ROLE 🙂
Now your role has officially been created. However, there are additional access rules that may be required.
CORE Tip: Create a standardized naming convention for your User Roles based on the general user types you will need for each of your projects or divisions. This way you can save roles as a template, and reuse them by simply changing the name of the User Role to the current project, etc. Make the names descriptive enough so you know what they include, or maintain a chart of your different role types that you create.
Your base role is created. You can now personalize the permissions and access based on the needs of the specific role. See examples below for steps to create specific user roles such as Department Admin, Viewer, and Uploader.
Steps 2 and 3: Add View and Edit Access Rules
We combined these two steps because the function of creating them is the same. The difference between the two rules is:
View access rules give users the ability to view the files defined in the rules
Edit access rules give users the ability to both view and edit the files defined in the rules
When building rules, it's good to understand the following:
Conditionals within a rule act as an AND, such as "this" AND "this" AND "this" etc. creating more specific access controls
Multiple rules within a role act as an OR, such as user can view "this" OR "this" OR "this".
So a user role can have as many rules as you want in order to create the view and edit controls you require. To create a rule:
Go to either the View or Edit Access Rules tab
Select +Add Rule
Name the rule.
We recommend something simple and clear, as well as repeatable if you're using a role as a template. Examples: View Rule; View Other Productions Rule; View Approved Files By Project; Edit Rule for Department.
Select what Tag Type you'll be choosing from. This is defined by Domain, like Film or TV.
Select the tags that make up your rule.
Examples: Production; Department; or Status
Select the condition of the tag and it's defining values such as:
Production IS ALL; Production IS Project A; or, Production IS Project A, Project B, Project L
Department IS Editorial
Status IS Approved
Choose whether or not to give additional file permissions
View History panel
View Access panel
Email on Ingest
Add another rule as needed.
Before you leave the View Access tab or the Edit Access tab, select the Save button at the bottom
If you move to a different tab before you save, your changes will not save.
Step 4: Add User Access Rule
This one's important. It enables users to see and share with other users in the system. If you don't add this rule, the users in the role will see only themselves.
Go to User Access Rules tab
Select +Add Rule
Name the rule.
We recommend something simple and clear, as well as repeatable if you're using a role as a template. Examples: View Users; View Production Users; View Company Users, etc.
Select if you want the users to be able to:
View the users
Edit the users
Access Sensitive users within the scope of the rule (hidden users - usually VIPs and celebrity types)
Select the tags that make up your rule.
Select the condition of the tag and it's defining values such as:
Company IS Company Name
Department IS Department Name
Production IS Production Name
Add another rule as needed.
Before you leave the tab, select the Save button at the bottom
If you move to a different tab before you save, your changes will not save.
Congratulations, you've successfully created a user role! See below for some examples of different user roles.
User Role Examples
Example 1: Department Admin
The Department Admin will have the basic Permissions of a Standard User with additional access added to allow them to have Admin permissions for a specific department and production only.
Step 1: Create a new role and assign the new Role a name by entering it under User Role Name. For our department admin, we will name the role NoobAdventures_07_Editorial_ADMIN.
Step 2: Assign the specific settings in Role info. In our example, the Editorial Admin:
Has access to the All Domains.
Can share all package types.
Can share packages to be downloaded with a watermark or without a watermark if the specific user has that permission based on their role.
Since our Editorial Admin will not be an Admin for the entire CORE app, we will assign The User Access Level as Standard User. (We will add additional access later by adding Access Rules to the role.)
Users with this role will have the ability to Create Users and Upload Assets for the department and production they have access to (we will specify which Department and Production our Editorial Admin has access to later).
Users under this role will be able to view Package Reports.
This role allows its users to access CORE from the mobile and AppleTV apps in addition to the Desktop version.
In the Roles Restriction section, you control what roles you can choose when you create new users. In our example below, the Editorial Admin can create new users with the Asset Uploader or Asset Viewer roles.
9. Under Production, we can assign which Productions the Users in this role have access to. In this example, the Editorial Admin will only have access to -Comic Book Library production. Click on any additional productions to add more.
10. Under the Watermark section, assign the watermark style that the Editorial Admin will see when they view video, image or PDF document. In our example, we chose the standard watermark styles.
Step 3: Create a ViewAccess Rule that gives the Editorial Admin access to the approved assets on their production.
To ensure the Editorial Admin only has access to the Editorial Department, we need to create an Edit Access Rule. To do so click:
View Access Rules
Click on +Add Rule, name the rule (in this case View Access)
Choose your Tag Type (Example TV Domain)
Add Production
Choose Conditional value, in this case, we want the Editorial Admin to have access to the. Click the IS option and then choose Editorial.
Then scroll down in the tags list and select Status
Choose the conditional options IS and Approved.
Select the checkbox for the View History Panel. If checkbox is selected, allows members of this role to have access to the asset history panel in the asset viewer. Asset history panel lists all the history/activity on an asset - who has uploaded, downloaded, viewed, edited, reprocessed, etc. this asset.
Select the checkbox for the View Access Panel. If checkbox is selected, allows members of this role to have access to the File Access panel in the asset viewer. The File Access panel lists all of the Users who have access to an asset.
Click on the Save Changes button to save your rule.
NOTE: We are not selecting Email on Ingest checkbox for our Editorial Admin rule example here. But the Email on Ingest option, if checked, will send email notifications to members of this role every time an asset matching the access rule parameters is ingested into CORE.
Step 4: We also want our Editorial Admin to have the permission to not just view approved production assets but also edit and manage the assets for the Editorial Team. We need to create an Access Rule that allows the Editorial Admin to edit assets in the Editorial Department only.
To ensure the Editorial Admin has permission to only edit assets for the Editorial Department, we need to create an Edit Access Rule. To do so, click:
Edit Access Rules
Click on +Add Rule, name the rule (in this case NoobAdven_edit)
Choose your Tag Type (Example TV domain)
Choose Production under Structure
Add the conditional value of IS and then select clouds for the production, so they can see their teammates on their production.
Then, choose Department under Structure.
Choose Conditional value IS and then choose Editorial in the dropdown list.
Click on the Save Changes button to save your rule.
Step 5: Add your User Access Rule so your uploader can share their files with other users.
User Access Rules
Click on +Add Rule, name the rule (in this case Coordinator Default)
Choose Production under User Associations
Add the conditional value of IS and then select clouds for the production, so they can see their teammates on their production.
Example 2: Viewer
The Viewer Role gives users permission to view assets within a particular production (no uploading, downloading or sharing options).
Step 1: Create a new role and assign the new Role a name by entering it under User Role Name. For our viewer role, we will call it KornFerry_Viewer.
Click on the Users tab on the left panel.
Click User Roles.
Click + User Role.
Step 2: Assign the specific settings in Role info. In our example, the KornFerry_Viewer:
Has access to the Film Domain.
Can share all package types.
We will set the Package share download options to Recipient Settings. That way the package can be shared with a watermark or without a watermark if the specific user has that permission based on their role.
Our KornFerry_Viewer should not have any Admin permissions so we will assign the User Access Level as Standard User.
The KornFerry_Viewer should not have the ability to download any assets, so we will choose None under Save Access level.
The users with this role will not be responsible for Categorising or sharing assets, so we choose None for Categorisation Type.
The only additional permission we want to give this viewer role is the ability to also view assets on all devices: AppleTV, Mobile (iOS), and Desktop. Under Device, choose All to accomplish this.
Our KornFerry_Viewer should only have access to see other users in Kung Ferry production. We will choose Korn Ferry under Production.
9. Under the watermarks section, assign the watermark style that the KornFerry_Viewer will see. In our example, we will assign the Secure watermark to be shown for images, ScriptStyle for PDFs, and Low Center Light for video.
Step 3: Create an Access Rule that gives the Viewer access to only the project.
To ensure that the KornFerry_Viewer only has access to the Korn Ferry project we need to create an Access Rule. To do so click:
View Access Rules
Click on +Add Rule, name the rule (in this case KornFerry_viewer)
Choose your Tag Type (Example TV as the Domain)
Choose Production under the Structure
Choose Conditional value, in this case, we want the viewer to see the Kung Fu This!. Click the IS option and then choose Production Korn Ferry in the pull down menu.
Select Save Changes button to save your rule.
Example 3: Uploader Role
The Uploader Role gives users permission to upload and share assets within a particular production (no downloading options).
Step 1: Create a new role and assign the new Role a name by entering it under User Role Name. For our production uploader, we will name the role AirTheMovie_Uploader.
Click on the Users tab on the left panel.
Click User Roles.
Click + NewUser Role
Step 2: Assign the specific settings in Role info. In our example, the AirTheMovie_Uploader:
Has access to the Film Domain.
Can share all package types.
We will set the Package share download options to ALL.
Our AirTheMovie_Uploader should not have Admin permissions so we will assign the User Access Level as Standard User.
The AirTheMovie_Uploader should not have the ability to download any assets, so we will choose None under Save Access level.
The users with this role will not be responsible for Categorising or sharing assets, so we choose None for Categorisation Type.
The AirTheMovie_Uploader should have the ability to upload assets, so we will check the Upload Assets box in the User section to allow this permission.
The Uploader role only needs to access the Desktop so we will choose that option.
Our AirTheMovie_Uploader should only have access to see other users in the Air the Movie Project. We will choose air the Movie under Production.
10. Under the watermarks section, assign the watermark style that the AirTheMovie_Uploader will see. In our example, we will assign the Secure watermark to be shown for images, ScriptStyle for PDFs and Low Center Light for video.
Step 3: Create an Access Rule that gives the AirMovie_uploader access to the Air the Movie project only.
To ensure that the Uploader only has access to their project, we need to create an Access Rule. To do so click:
View Access Rules
Click on +Add Rule
Choose your Tag Type (Example Film Domain)
Choose Production under Structure
Choose Conditional value, in this case, we want the AirMovie_uploader to have access to the Air the Movie production. Click the IS option and then Air the Movie from the pull-down menu.
Save Changes
Step 4: Add your User Access Rule so your uploader can share their files with other users.
User Access Rules
Click on +Add Rule, name the rule (in this case Coordinator Default)
Choose Production under User Associations
Add the conditional value of IS and then select Air The Movie for the production, so they can see their teammates on their production.