Kaltura MediaSpace/Kaltura Application Framework (KAF) Roles and Permissions

The following information is crucial to understanding how permissions are manifested in KMS and KAF.

User roles are split into 2 types - Applicative roles and Contextual roles.

  • Applicative Roles - Concern what a user is entitled (or not) to do in the context of the application.
  • Contextual Roles - Concern what a user is entitled (or not) to do in the context of Galleries / Channels.

This article provides information about the Kaltura MediaSpace and KAF roles, and how permissions are manifested per category: 

KMS Applicative Roles

The following lists the applicative roles:

  • anonymousRole
  • viewerRole
  • privateOnlyRole
  • adminRole
  • unmoderatedAdminRole

Notes about applicative roles:

  1. anonymousRole - The user is not logged in.
  2. viewerRole - Does not have My Media, so cannot publish.
  3. adminRole & privateOnlyRole - The only difference between these roles is in open galleries, where the Admin role can publish without needing to be a contributor.
  4. unmoderatedAdminRole - This role is the same as the adminRole in all aspects, except when the account has moderation (different from the KMS moderation). Entries uploaded by this role are automatically approved.

Gallery/Channel/Media Gallery Context Roles

  • Member (view)
  • Contributor (publish)
  • Moderator (moderate)
  • Manager (edit settings, manage members)

Gallery/Channel Types

  • Galleries
    • Open Gallery - Anyone can view content (including anonymous users) but only admin role users and category members can contribute content.
    • Restricted Gallery - All logged in users can view content but only Category members can contribute content.
    • Private Gallery - Only Category members can view and contribute content.
      Note: Sub categories under a private category will be visible only to members of those sub categories
  • Channels
    • Open Channel - All logged in users can view and contribute content (contribution is not allowed for viewer-role users).
    • Restricted Channel - All logged in users can view content and only channel members can contribute content.
    • Private Channel - Only channel members can view and contribute content.
    • Shared Repository - Only channel members can view and contribute content; Content may be published to other channels, according to publishing entitlements.
    • Public, Restricted Channel - Anyone can view content (including anonymous not logged-in users). Only channel members can contribute content according to their publishing entitlements.
    • Public, Open Channel - Anyone can view content (including anonymous not logged-in users) and all logged in users can contribute content.
  • Media Gallery (KAF only) - Permission to view is set on the hosting application. Other capabilities are with contextual roles.
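
The view and publish rules in the list above can be checked mechanically during an entitlement review. The following is an added example, not Kaltura code: the function names and type identifiers are hypothetical, and it assumes contextual roles are cumulative (a Manager also holds Moderator, Contributor and Member rights). Media Gallery is left out because its view permission is set on the hosting application, and the allowAnonymous condition comes from the permissions table.

```python
# Added example: rules transcribed from this page; all identifiers are hypothetical.
CONTEXT_RANK = {None: 0, "member": 1, "contributor": 2, "moderator": 3, "manager": 4}
LOGGED_IN = {"viewerRole", "privateOnlyRole", "adminRole", "unmoderatedAdminRole"}
ADMIN_LIKE = {"adminRole", "unmoderatedAdminRole"}

# Who may view, per the Gallery/Channel Types list.
VIEW_ANYONE = {"open_gallery", "public_restricted_channel", "public_open_channel"}
VIEW_LOGGED_IN = {"restricted_gallery", "open_channel", "restricted_channel"}
VIEW_MEMBERS = {"private_gallery", "private_channel", "shared_repository"}
# Channel types where every logged-in user may contribute.
PUBLISH_LOGGED_IN = {"open_channel", "public_open_channel"}


def can_view(app_role, kind, context_role=None, allow_anonymous=False):
    if kind in VIEW_ANYONE:
        return app_role in LOGGED_IN or (app_role == "anonymousRole" and allow_anonymous)
    if kind in VIEW_LOGGED_IN:
        return app_role in LOGGED_IN
    if kind in VIEW_MEMBERS:
        return app_role in LOGGED_IN and CONTEXT_RANK[context_role] >= CONTEXT_RANK["member"]
    raise ValueError(f"unknown gallery/channel type: {kind}")


def can_publish(app_role, kind, context_role=None, allow_anonymous=False):
    # viewerRole has no My Media; users who are not logged in never participate.
    if app_role not in LOGGED_IN or app_role == "viewerRole":
        return False
    if not can_view(app_role, kind, context_role, allow_anonymous):
        return False
    if kind in PUBLISH_LOGGED_IN:
        return True
    # Open galleries: admin roles publish without being a contributor.
    if kind == "open_gallery" and app_role in ADMIN_LIKE:
        return True
    return CONTEXT_RANK[context_role] >= CONTEXT_RANK["contributor"]


def audit(kind, allow_anonymous=False):
    """Effective (view, publish) per applicative role for a user with no contextual role."""
    roles = ["anonymousRole", "viewerRole", "privateOnlyRole", "adminRole"]
    return {r: (can_view(r, kind, None, allow_anonymous),
                can_publish(r, kind, None, allow_anonymous)) for r in roles}


if __name__ == "__main__":
    for kind in sorted(VIEW_ANYONE | VIEW_LOGGED_IN | VIEW_MEMBERS):
        print(kind, audit(kind, allow_anonymous=True))
```
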

The following table summarizes the permissions for different user application & context roles, in the context of channels / galleries.  

Applicative Role: anonymousRole | viewerRole | privateOnlyRole | adminRole

  • Open Gallery
    • View: Can view only, if KMS allows guests (allowAnonymous=true). Publish, Moderate, Manage: Can’t participate.
    • View: Can view (regardless of contextual role). Publish: Can’t publish. Moderate, Manage: According to Category's contextual role.
    • View: Can view (regardless of contextual role). Publish, Moderate, Manage: According to Category's contextual role.
    • View: Can view (regardless of contextual role). Publish: Can publish. Moderate, Manage: According to Category's contextual role.
  • Open Channel
    • No access
    • View: Can view (regardless of contextual role). Publish: Can publish. Moderate, Manage: According to Category's contextual role.
  • Restricted Category
    • No access
    • Same as Open.
    • View: Can view (regardless of contextual role). Publish, Moderate, Manage: According to Category's contextual role.
  • Restricted Channel
    • No access
    • Same as Open.
  • Private Category, Private Channel, Media Gallery
    • No access
    • No access
    • View, Moderate, Manage: According to Category's contextual role. Publish: Can’t publish.
    • View, Publish, Moderate, Manage: According to Category's contextual role.
  • Shared Repository
    • No access
    • View, Moderate, Manage: According to Category's contextual role. Publish: Can’t publish.
    • View, Publish, Moderate, Manage: According to Category's contextual role.
  • Public, Restricted Channel
    • View: Can view only, if KMS allows guests (allowAnonymous=true). Publish, Moderate, Manage: Can’t participate.
    • View: Can view. Publish: Can’t publish. Moderate, Manage: According to Category's contextual role.
    • View: Can view (regardless of contextual role). Publish, Moderate, Manage: According to Category's contextual role.
  • Public, Open Channel
    • View: Can view (regardless of contextual role). Publish: Can publish. Moderate, Manage: According to Category's contextual role.

 

