Understanding channel roles and permissions

About

Channels in Kaltura MediaSpace (KMS) incorporate a roles and permissions system by which channel owners and managers can invite users and assign them specific roles. These roles define the actions they can perform in the channel, such as enabling a user to add content to a channel. These are the Contextual roles given in the context of a specific channel.

Contextual roles are bound by a higher level of roles and permissions called the Applicative roles. The Applicative roles are assigned to users globally by the KMS administrator in order to manage user access and control content distribution throughout the site.

To understand how all this really works, let's explore the 2 levels of Applicative and Contextual roles and their corresponding permissions.

Applicative roles 

Applicative roles apply globally and concern what a user is entitled to do in the entire MediaSpace site. The applicative roles are Viewer role, Private only role, Admin role, and Unmoderated admin role, and they are assigned in the Configuration Management console (shown below):

Applicative roles diagram

Viewer role

• Can browse public and open channels, and other channel types by entitlement.
• Can't upload new content and doesn't have a My Media page.

Private only role 

• Can browse public and open channels, and other channel types by entitlement.
• Can contribute content with the available video creation tools enabled in their account, such as uploading content, recording from a webcam, recording screen, adding YouTube links, and creating a live stream entry.  
• Can publish to any type of channel by entitlement. Content published by a user with this role is subject to moderation if enabled on the channel.

Admin role 

• Can browse public and open channels, and other channel types by entitlement. 
• Can contribute content with the available video creation tools enabled in their account, such as uploading content, recording from a webcam, recording screen, adding YouTube links, and creating a live stream entry. 
• Can publish to all open channels and other channel types with permission. Content published by a user with this role is subject to moderation if enabled on the channel.

Unmoderated admin 

• Can browse public and open channels, and other channel types by entitlement.
• Can contribute content with the available video creation tools enabled in their account, such as uploading content, recording from a webcam, recording screen, adding YouTube links, and creating a live stream entry. 
• Can publish to all open channels and other channel types with permission. Content published by a user with this role will bypass moderation if enabled on the channel.

Anonymous

An additional type of role is anonymous. Users can browse your site anonymously when 'anonymous' mode is enabled (your system administrator can enable this in the Auth module by setting allowAnonymous to 'Yes'). When an anonymous user clicks a link or button that requires a more advanced role, for example, My Media, My Playlists or +Create, a login screen will display.

Contextual roles

Contextual roles concern what a user is entitled to do within the context of the channel. The contextual roles are Member, Contributor, Moderator, and Manager. For example, a user might have a Manager role for one channel and a Contributor role for another channel. Contextual roles are assigned by the channel manager. See Edit a channel for more information.

Contextual roles diagram

Member 

• Can access a channel they're associated with and view its content. 
• Can't add new content to the channel they're associated with.
• Can join Live Rooms. 

Contributor 

• Can access a channel they're associated with and view its content.
• Can add new content subject to moderation to the channel they're associated with and in accordance with their KMS application role (PrivateOnly role and above).
• Can edit or delete their own content.
• Can join Live Rooms.

Moderator 

• Can access a channel they're associated with and view its content.
• Can add new content to the channel they're associated with in accordance with their KMS application role (PrivateOnly role and above). 
• Can access the moderation queue and approve or reject contributed content.
• Can edit or delete contributions. 
• Can join Live Rooms.

Manager  

• Can access a channel they're associated with and view its content. 
• Can add new content to the channel they're associated with in accordance with their KMS application role (PrivateOnly role and above).
• Can edit or delete their own content.
• Can access the moderation queue and approve or reject contributed content. 
• Can edit the settings for the channel, organize the content in a channel into playlists, invite and manage users' permissions, can view / print / save the channel media analytics. 
• Can delete the channel.
• Can initiate a Live Rooms.

Channel privacy options

MediaSpace supports several privacy options for channels (aka channel types). The privacy options are configured in the channel Edit page:

Channel edit page

• Open - All logged in users can view and contribute content (contribution is not allowed for viewer-role users).
• Restricted - All logged in users can view content and only channel members can contribute content.
• Private - Only channel members can view and contribute content.
• Shared Repository - Only channel members can view and contribute content; Content may be published to other channels, according to publishing entitlements.
• Public, Restricted - Anyone can view content (including anonymous not logged-in users). Only channel members can contribute content according to their publishing entitlements.
• Public, Open - Anyone can view content (including anonymous not logged-in users) and all logged in users can contribute content.

To learn how to manage users' entitlements for channels, see Edit a channel - Users.