Kaltura MediaSpace features fine grained governance rules that grant specific permissions to content on the MediaSpace site. To explain your options, setup-related article describe the different site sections, roles, and permissions that you can configure for MediaSpace.
This articles focuses on setups that include user permissions, referred to as entitlement enabled.
To start learning about MediaSpace, refer to the Creating and Managing Channels in Kaltura MediaSpace, which describes channels and user permissions in terms of site features.
Enabling User Permissions – Prerequisites
Contact your Kaltura Project/Account Manager to confirm that the following prerequisites are implemented:
- Entitlement services are enabled and enforce entitlement is set to true in your account settings.
- (Optional) The Like feature is enabled in your account settings.
- A root category is set up for MediaSpace in the KMC (see Managing Categories in the KMC.)
Assigning user permissions usually is handled in bulk using a comma-separated value (CSV) file. To learn more about the End-User Entitlements CSV, refer to the End-User Entitlements CSV.
Understanding Content Collections
Content collections in MediaSpace are defined as either categories or channels. Your MediaSpace instance can include one or both.
Categories represent a centrally curated structure and hierarchy that is available from the MediaSpace navigation side panel. Media can be organized around specific topics in either a hierarchal or a flat navigation layout. When MediaSpace is used as a company/institution-wide media portal, categories usually are shared with the entire organization and also may be available to the public on the web.
Categories define the taxonomy and hierarchical structure of your MediaSpace site. You can access categories through the Navigation icon and browse your content according to the categories they are contained in. Each category opens up the list of sub-categories that are pre-configured by your account administrator.
Channels are media collections that can be accessed by a subset of users (or all authenticated users). Channels can be created and managed by authorized MediaSpace users or can be provisioned centrally by a KMC admin.
Categories vs. Channels
Understanding Roles and Permissions for Categories and Channels
Entitlement permissions are used to assign permissions to categories or channels (for example, enabling a user to add content to a channel).
Application Roles apply globally, while entitlement permissions are contextual. An example of contextual channel permissions is a user with Manager permissions for one channel and lower-level Contributor permissions for another channel.
For a user to perform an action that a permission allows, the action must be allowed by the user's application role. Therefore, you must ensure that a user with a permission of Contributor or higher (see Understanding Permissions) is assigned a role of privateUploader or higher (see Application Roles). Otherwise, the user is not able to upload content to MediaSpace despite the permission that entitles the user to contribute content.
A Channel Manager can assign permissions in MediaSpace. The channel manager selects the kind of access that users have for the channel. If the channel typ is restricted or private, the channel manager adds members and assigns member permissions. To learn more, refer to the Kaltura MediaSpace User Manual..
MediaSpace supports the following privacy types for categories:
MediaSpace supports the following privacy types for channels:
Channel type definitions are displayed in MediaSpace under Channel Settings>Basic:
KMC entitlement definitions are displayed in the KMC under Content>Categories>Edit Category window>Entitlements tab:
If modifications are made in the KMC that do not correspond to one of the channel types, MediaSpace behavior will follow the KMC definition, not the designated type.
MediaSpace application roles apply globally and include:
MediaSpace application roles are backward compatible.
Modifying Application Role Names
You can modify MediaSpace application role names to match your institutional terminology.
Assigning Application Roles to Multiple Users in Bulk
You can assign application roles to multiple users with a bulk action. You use an End Users CSV that includes an option to assign roles.
While an application role applies to your entire MediaSpace site, some permissions may be category or channel-specific.
You set user permissions to a specific content collection by applying the following permission levels:
In channels: All permission levels are relevant for channels.
In galleries: Only the Contributor and Member permission levels are relevant to galleries. Assigning a list of users as Members enables the users only to access a gallery. Assigning a list of users as Contributors enables the users to access a gallery and add media. (A user with the Admin application role also can add media.)
Who can upload content to MediaSpace?
A user with an application role of privateOnlyRole and higher (adminRole, unmoderatedAdminRole) can upload content to MediaSpace.
Who can view categories?
By default, categories can be accessed by all authorized users.
When Anonymous mode is enabled, open categories can also be viewed by anonymous users.
To enable Anonymous mode
Who can view or contribute content to a category/channel?
The following table describes the different scenarios depending on your KMS configuration and entitlements settings:
How does a user become a manager?
A user can become a manager in the following ways:
How does a user join a channel?
Who can create a channel?
A user with a role that is defined as a channel creator can create a channel. You define the user roles that can create a channel. See Setting Permissions for Creating a MediaSpace Channel.
Who can delete a channel?
The following are authorized to delete a channel: