About
Galleries incorporate a roles and permissions system by which gallery owners and managers can invite users and assign them specific roles. These roles define the actions they can perform in the gallery, such as enabling a user to add content to a gallery. These are the Contextual roles given in the context of a specific gallery.
Contextual roles are bound by a higher level of roles and permissions called the Applicative roles. The Applicative roles are assigned to users globally by the KMS administrator in order to manage user access and control content distribution throughout the site.
To understand how all this really works, let's explore the two levels of Applicative and Contextual roles and their corresponding permissions.
Applicative roles
Applicative roles apply globally and concern what a user is entitled to do in the entire MediaSpace site. The applicative roles are Viewer role, Private only role, Admin role, and Unmoderated admin role, and they are assigned in the Configuration Management console (shown below):
Applicative roles diagram
Viewer role
- Can browse open galleries and other gallery types by entitlement.
- Can't upload new content and doesn't have a My Media page.
Private only role
- Can browse open galleries and other gallery types by entitlement.
- Can contribute content with the available video creation tools enabled in their account, such as uploading content, recording from a webcam, recording screen, adding YouTube links, and creating a live stream entry.
- Can publish to any type of gallery by entitlement. Content published by a user with this role is subject to moderation if enabled on the gallery.
Admin role
- Can browse open galleries and other gallery types by entitlement.
- Can contribute content with the available video creation tools enabled in their account, such as uploading content, recording from a webcam, recording screen, adding YouTube links, and creating a live stream entry.
- Can publish to all open galleries and other gallery types with permission. Content published by a user with this role is subject to moderation if enabled on the gallery.
Unmoderated admin
- Can browse open galleries and other gallery types by entitlement.
- Can contribute content with the available video creation tools enabled in their account, such as uploading content, recording from a webcam, recording screen, adding YouTube links, and creating a live stream entry.
- Can publish to all open galleries and other gallery types with permission. Content published by a user with this role will bypass moderation if enabled on the gallery.
Anonymous
An additional type of role is anonymous. Users can browse your site anonymously when 'anonymous' mode is enabled (your system administrator can enable this in the Auth module by setting allowAnonymous to 'Yes'). When an anonymous user clicks a link or button that requires a more advanced role, for example, My Media, My Playlists or +Create, a login screen will display.
Assigning roles can be handled in bulk using a comma-separated value (CSV) file. To learn more, refer to our article How to add users using the bulk upload option.
MediaSpace application roles are backward compatible.
You can modify MediaSpace application role names to match your institutional terminology. See our Administration pages article for more information.
Contextual roles
Contextual roles concern what a user is entitled to do within the context of the gallery. The contextual roles are Member, Contributor, Moderator, and Manager. For example, a user might have a Manager role for one gallery and a Contributor role for another gallery. Contextual roles are assigned by the gallery manager. See Edit a gallery for more information.
Contextual roles diagram
Member
- Can access a gallery they're associated with and view its content.
- Can't add new content to the gallery they're associated with.
Contributor
- Can access a gallery they're associated with and view its content.
- Can add new content subject to moderation to the gallery they're associated with and in accordance with their KMS application role (PrivateOnly role and above).
- Can edit or delete their own content.
Moderator
- Can access a gallery they're associated with and view its content.
- Can add new content to the gallery they're associated with in accordance with their KMS application role (PrivateOnly role and above).
- Can access the moderation queue and approve or reject contributed content.
- Can edit or delete their own content.
Manager
- Can access a gallery they're associated with and view its content.
- Can add new content to the gallery they're associated with in accordance with their KMS application role (PrivateOnly role and above).
- Can edit or delete their own content.
- Can access the moderation queue and approve or reject contributed content.
- Can edit the settings for the gallery, invite and manage users' permissions, access gallery analytics, and create sub-galleries.
- Can delete the gallery.
The applicative role takes precedence, for example, a user with the role of Contributor won't be able to upload content if they've been assigned an applicative role of Viewer.
Gallery privacy options
The gallery privacy options (aka gallery types) are open, restricted, or private. The privacy options are configured in the gallery Edit page:
- Open: Anyone can view content (including anonymous users) but only admin role users and users with entitlements can contribute content.
- Restricted: All logged-in users can view content but only users with entitlements can contribute content.
- Private: Only users with entitlements can view and contribute content.
To learn how to manage users' entitlements for a gallery, see Edit a gallery - Add Users.