Kaltura MediaSpace/Kaltura Application Framework (KAF) Roles and Permissions

The following information is crucial to understanding how permissions are manifested.  KMS, includes 2 types of user roles - Applicative roles and Contextual roles.

Application Roles - Concern what a user is entitled (or not) to do in the context of the application. 

Contextual  Roles -  Concern what a user is entitled (or not) to do in the context of Galleries / Channels.

  • KMS applicative roles
    • anonymousRole
    • viewerRole
    • privateOnlyRole
    • adminRole
    • unmoderatedAdminRole
  • Category/Channel context roles
    • Member (view)
    • Contributor (publish)
    • Moderator (moderate)
    • Manager (edit settings, manage members)
  • Category/Channel types
    • Open
    • Restricted
    • Private
    • Shared Repository
    • Public (Channel)

The table below summarizes the permissions for different user application & context roles, in the context of channels / galleries.  

Applicative role

 

 

 

Type

anonymousRole
(User not logged in)

viewerRole
(Doesn’t have My Media, so can’t publish)

privateOnlyRole

adminRole &

unmoderatedAdminRole

(Uploaded entries by these roles will automatically be approved if the account has moderation enabled)

Open

Categories

  • Can view only, if allowAnonymous=true
  • Can’t participate (publish, moderate, manage)

 

Channel

  • Can’t access at all (since channels require log-in) if public channels option is not checked

Categories & Channels

  • Can view (regardless of contextual role)
  • Can’t publish (doesn’t have My Media)
  • Other participation (moderate, manage) according to contextual role

Categories & Channels

  • Can view (regardless of contextual role)

 

Categories (for backward compatibility with KMS 4.6):

  • Can publish only if Contributor (even though the Category is Open) [this is the only difference from adminRole]

 

Channels

  • Doesn’t need to be a member to publish (Channel is Open, as in KMS 4.6)

 

Categories & Channels

  • Other participation (moderate, manage) according to contextual role

Categories & Channels

  • Can view (regardless of contextual role)
  • Can publish everywhere (since admin)
  • Other participation (moderate, manage) according to contextual role

Restricted

Categories & Channels

  • Can’t view or participate (publish, moderate, manage) since not logged in

Same as Open.

Categories & Channels

  • Can view (regardless of contextual role)
  • Other participation (publish, moderate, manage) according to contextual role

Categories & Channels

  • Can view (regardless of contextual role)
  • Other participation (publish, moderate, manage) according to contextual role

Private

Same as Restricted

Categories & Channels

  • Can’t publish (since doesn’t have My Media)
  • Viewing and Participation (moderation, management) according to contextual role

Categories & Channels

  • Viewing and Participation (publish, moderation, management) according to contextual role

Categories & Channels

  • Viewing and Participation (publish, moderation, management) according to contextual role

Shared Repository

Channels

  • Can’t view or participate (publish, moderate, manage) since not logged in
  • Can’t publish (since doesn’t have My Media)
  • Viewing and Participation (moderation, management) according to contextual role

Channels

  • Can view and publish (regardless of contextual role)
  • Other participation (moderate, manage) according to contextual role

Channels

  • Viewing and Participation (publish, moderation, management) according to contextual role

Public

Channels

  • Can view only, if allowAnonymous=true
  • Can’t participate (publish, moderate, manage)
 

Channels

  • Can view (regardless of contextual role)
  • Can’t publish (doesn’t have My Media)
  • Other participation (moderate, manage) according to contextual role
 

Channels

  • Can view (regardless of contextual role)
  • Other participation (publish, moderate, manage) according to contextual role
 

Channels

  • Can view (regardless of contextual role)
  • Can publish everywhere (since admin)
  • Other participation (moderate, manage) according to contextual role
 
In This Article