Kaltura MediaSpace/Kaltura Application Framework (KAF) Roles and Permissions

The following information is crucial to understanding how permissions are manifested in KMS and KAF. User roles are split into 2 types - Applicative roles and Contextual roles.

  • Applicative Roles - Concerns what a user is entitled (or not) to do in the context of the application. 
  • Contextual  Roles -  Concerns what a user is entitled (or not) to do in the context of Galleries / Channels.

KMS/KAF Applicative Roles


Permission

Description

1

Applicative Role -  anonymousRole

This is a global role in Kaltura MediaSpace.  The user can browse the site anonymously until they try to access pages or actions that require login

2

Applicative Role - viewerRole

This is a global role in Kaltura MediaSpace.  After logging in to the site the user can browse open galleries.  The use is not authorized to upload new content.  The user does not have a My Media personal repository page

3

Applicative Role – privateOnlyRole

This is a global role in Kaltura MediaSpace.  After logging in to the site the user can browse open galleries.  The user can utilize authorized contribution tools which can include upload content, record from webcam, record from Capturspace, record screen, add YouTube link, and create a live stream entry.  The user can publish to a category/channel by entitlement

4

Applicative Role - adminRole

This is a global role in Kaltura MediaSpace.  After logging in to the site the user can browse open galleries.  The user can utilize authorized contribution tools which can include upload content, record from webcam, record from Capturspace, record screen, add YouTube link, and create a live stream entry.  The user can publish to all open categories and all restricted/private categories/channels by entitlement.  Content published by a user with this role is subject to moderation

5

Applicative Role -  unmoderatedAdminRole

This is a global role in Kaltura MediaSpace.  After logging in to the site the user can browse open galleries.  The user can utilize authorized contribution tools which can include upload content, record from webcam, record from Capturspace, record screen, add YouTube link, and create a live stream entry.  The user can publish to all open categories and all restricted/private categories/channels by entitlement.  Content published by a user with this role will bypass moderation when moderation is enabled for the account


KMS/KAF Contextual Roles


Role

Description

1

Contextual Role - Member

Within a Kaltura MediaSpace content collection a Member can access a channel/category they are associated with, the member can view content in that channel/category, but the member cannot add new content to that channel/category. A Member may join Live Rooms.

2

Contextual Role – Contributor

Within a Kaltura MediaSpace content collection a Contributor can access a channel/category they are associated with, the Contributor can view content in that channel/category, the contributor can add new content to that channel/category subject to moderation in accordance with their KMS Application Role. A Contributor may  join Live Rooms.

3

Contextual Role – Moderator

Within a Kaltura MediaSpace content collection a Moderator can access a channel/category they are associated with, the Moderator can view content in that channel/category, the Moderator can add new content to that channel/category subject to moderation in accordance with their KMS Application Role.   The Moderator can access the moderation queue if enabled on that channel/category and approve/reject contributed content that has been assigned to the moderation queue of that channel/category. The Moderator may start Live Rooms.

4

Contextual Role - Manager

Within a Kaltura MediaSpace content collection a Manager can access a channel/category they are associated with, the Manager can view content in that channel/category, the Manager can add new content to that channel/category subject to moderation in accordance with their KMS Application Role.   The Manager can access the moderation queue if enabled on the channel /category and approve/reject contributed content that has been assigned to the moderation queue.  The Manager can access/edit the settings for the category/channel including: change metadata, change moderation and commenting, edit/add/delete users associated with the category/channel and set their entitlement role, change appearance and delete the channel.   The Manager can view/print/save the channel media analytics.  The Manager can organize the content in a channel as playlists. The Manager may start Live Rooms.

Gallery/Channel Types

  • Galleries
    • Open Gallery - Anyone can view content (including anonymous users) but only admin role users and category members can contribute content.
    • Restricted Gallery - All logged in users can view content but only Category members can contribute content.
    • Private Gallery - Only Category members can view and contribute content.
      Note: Sub categories under a private category will be visible only to members of those sub categories
  • Channels
    • Open Channel - All logged in users can view and contribute content (contribution is not allowed for viewer-role users).
    • Restricted Channel - All logged in users can view content and only channel members can contribute content.
    • Private Channel - Only channel members can view and contribute content.
    • Shared Repository - Only channel members can view and contribute content; Content may be published to other channels, according to publishing entitlements.
    • Public, Restricted Channel - Anyone can view content (including anonymous not logged-in users). Only channel members can contribute content according to their publishing entitlements.
    • Public, Open Channel - Anyone can view content (including anonymous not logged-in users) and all logged in users can contribute content.
  • Media Gallery (KAF only) - Permission to view is set on the hosting application. Other capabilities are with contextual roles.

The following table summarizes the permissions for different user applicative & contextual roles, in the context of channels / galleries.  

Applicative Role anonymousRoleviewerRoleprivateOnlyRoleadminRole
Open GalleryView:
Can view only, if KMS allow guests (allowAnonymous=true)

Publish, Moderate, Manage:
Can’t participate

View:
Can view (regardless of contextual role)
Publish:
Can’t publish
Moderate, Manage 
According to Category's contextual role
View:
Can view (regardless of contextual role)
Publish, Moderate, Manage 
According to Category's contextual role
View:
Can view (regardless of contextual role)
Publish
Can publish
Moderate, Manage 
According to Category's contextual role
Open Channel

No access


View:
Can view (regardless of contextual role)
Publish:
Can publish
Moderate, Manage:
According to Category's contextual role
Restricted
Category

No access

Same as Open.View:
Can view (regardless of contextual role)
Publish, Moderate, Manage:
According to Category's contextual role
Restricted
Channel

No access

Same as Open.
Private
Category, 

Private
Channel, 

Media Gallery

No access


No access

View, Moderate, Manage:
According to Category's contextual role
Publish:
Can’t publish

View, Publish, Moderate, Manage:
According to Category's contextual role
Shared Repository

No access

View, Moderate, Manage:
According to Category's contextual role
Publish:
Can’t publish

View, Publish, Moderate, Manage:
According to Category's contextual role
Public, Restricted
Channel

View:
Can view only, if KMS allow guests (allowAnonymous=true)
Publish, Moderate, Manage:
Can’t participate


View:
Can view
Publish:
Can’t publish
Moderate, Manage:
According to Category's contextual role
View:
Can view (regardless of contextual role)
Publish, Moderate, Manage:
According to Category's contextual role
Public, Open
Channel
View:
Can view (regardless of contextual role)
Publish:
Can publish
Moderate, Manage:
According to Category's contextual role

 

Important Information Regarding Collaboration: 


Please note that if collaboration is enabled on KMS/KAF, a user with any role (not guests) who is co-publisher or co-editor can publish or edit content, even though that user does not have My Media. See Change Media Owner and Add Collaborator for instructions on changing media owners and adding collaborators to media. See MediaCollaboration module for information on enabling and configuring this type of functionality.



This is also true for the use of Browse Search and Embed (BSE). However, publishing via BSE requires a different setting in the Browseandembed module to allow use of the BSE: 



In This Article
Was this article helpful?
Thank you for your feedback!