Understanding the MediaSpace 5.0 Setup

Kaltura MediaSpace features fine-grained governance rules that grant specific permissions to content on the MediaSpace site. To explain your options, this setup-related article describes the different site sections, roles, and permissions that you can configure for MediaSpace.

This article focuses on setups that include user permissions, referred to as entitlement enabled.

To start learning about MediaSpace, refer to Creating and Managing Channels in Kaltura MediaSpace, which describes channels and user permissions in terms of site features.

Enabling User Permissions – Prerequisites

Contact your Kaltura Project/Account Manager to confirm that the following prerequisites are implemented:

  • Entitlement services are enabled and enforce entitlement is set to true in your account settings.
  • (Optional) The Like feature is enabled in your account settings.
  • A root category is set up for MediaSpace in the KMC (see Managing Categories in the KMC).

Assigning user permissions is usually handled in bulk using a comma-separated value (CSV) file. To learn more, refer to the End-User Entitlements CSV.

Understanding Content Collections

Content collections in MediaSpace are defined as either categories or channels. Your MediaSpace instance can include one or both.

Understanding Categories

Categories represent a centrally curated structure and hierarchy that is available from the MediaSpace navigation side panel. Media can be organized around specific topics in either a hierarchical or a flat navigation layout. When MediaSpace is used as a company/institution-wide media portal, categories are usually shared with the entire organization and may also be available to the public on the web.

Categories define the taxonomy and hierarchical structure of your MediaSpace site. You can access categories through the Navigation icon and browse your content according to the categories in which it is contained. Each category opens up the list of sub-categories that are pre-configured by your account administrator.

Understanding Channels

Channels are media collections that can be accessed by a subset of users (or all authenticated users). Channels can be created and managed by authorized MediaSpace users or can be provisioned centrally by a KMC admin.

Categories vs. Channels

Understanding Roles and Permissions for Categories and Channels

Entitlement permissions are used to assign permissions to categories or channels (for example, enabling a user to add content to a channel).

Application Roles apply globally, while entitlement permissions are contextual. An example of contextual channel permissions is a user with Manager permissions for one channel and lower-level Contributor permissions for another channel.

For a user to perform an action that a permission allows, the action must also be allowed by the user's application role. Therefore, you must ensure that a user with a permission of Contributor or higher (see Understanding Permissions) is assigned a role of privateOnlyRole or higher (see Application Roles). Otherwise, the user is not able to upload content to MediaSpace despite the permission that entitles the user to contribute content.

A Channel Manager can assign permissions in MediaSpace. The channel manager selects the kind of access that users have for the channel. If the channel type is restricted or private, the channel manager adds members and assigns member permissions. To learn more, refer to Kaltura MediaSpace Channels and Permissions Planning Guide.

Understanding Privacy Types

MediaSpace supports the following privacy types for categories:

  • Open: All users are entitled to access the category (anonymous or authenticated, depending on the configuration of your site) but only specific users are entitled to contribute content.
  • Restricted: All authenticated users are entitled to access the category, but only specific users are entitled to contribute content.
  • Private: Only specific users are entitled to access the channel and to contribute content.

MediaSpace supports the following privacy types for channels:

  • Open: All authenticated users are entitled to access the channel and contribute content.
  • Restricted: All authenticated users are entitled to access the channel, but only specific users are entitled to contribute content.
  • Private: Only specific users are entitled to access the channel and to contribute content.

Channel type definitions are displayed in MediaSpace under Channel Settings>Basic:

KMC entitlement definitions are displayed in the KMC under Content>Categories>Edit Category window>Entitlements tab:

If modifications are made in the KMC that do not correspond to one of the channel types, MediaSpace behavior will follow the KMC definition, not the designated type.

For more information, refer to Managing Content Entitlement.

Understanding Application Roles

MediaSpace application roles apply globally and include:

  • anonymousRole – Can browse your site anonymously until trying to access pages/actions that require login: My Media, My Playlists, and Add New.
  • viewerRole:
    • Can browse public galleries
    • Is not authorized to upload new content
    • Does not have a My Media page
  • privateOnlyRole:
    • Can upload content to My Media
    • Cannot publish to galleries
    • Can add media
  • adminRole:
    • Can contribute content to all categories
    • Can upload content
  • unmoderatedAdminRole – Can upload content and bypass moderation (when moderation is enabled for an account)

MediaSpace application roles are backward compatible.

Modifying Application Role Names

You can modify MediaSpace application role names to match your institutional terminology.

Assigning Application Roles to Multiple Users in Bulk

You can assign application roles to multiple users with a bulk action. You use an End Users CSV that includes an option to assign roles.

Understanding Entitlement Permissions

While an application role applies to your entire MediaSpace site, some permissions may be category or channel-specific.

You set user permissions to a specific content collection by applying the following permission levels:

  • Member: Can access a channel or category but cannot add new content.
  • Contributor: Can add content to a channel or category.
  • Moderator: In addition to the Contributor permission, can moderate content.
  • Manager: In addition to the Contributor permission, can moderate content and access settings, including change metadata, edit members, change appearance, and delete channel. See Understanding Roles and Permissions.

In channels: All permission levels are relevant for channels.

In galleries: Only the Contributor and Member permission levels are relevant to galleries. Assigning a list of users as Members enables the users only to access a gallery. Assigning a list of users as Contributors enables the users to access a gallery and add media. (A user with the Admin application role can also add media.)

Understanding Roles and Permissions

Who can upload content to MediaSpace?

A user with an application role of privateOnlyRole and higher (adminRole, unmoderatedAdminRole) can upload content to MediaSpace.

Who can view categories?

By default, categories can be accessed by all authorized users.

When Anonymous mode is enabled, open categories can also be viewed by anonymous users.

To enable Anonymous mode

  1. On the Configuration Management panel of the Kaltura MediaSpace Administration Area, open the Auth tab.
  2. Under allowAnonymous, select Yes and click Save.


Who can view or contribute content to a category/channel?

The following table describes the different scenarios depending on your KMS configuration and entitlements settings:

Privacy Type

Anonymous + (if KMS is enabled for anonymous mode) | Any Authenticated User | Contributor + / adminRole + | Any Authenticated User

Any Authenticated User | Any Authenticated User | Contributor + | Contributor +

Member + | Member + | Contributor + | Contributor +
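
The view and contribute rules described in this article can be modelled as a small decision function. The following is an added example, not Kaltura code or part of the original article. The function names, the field names, and the sample rows are assumptions, and the role ordering follows the order in which the application roles are listed above. The last function flags the misconfiguration described earlier: a Contributor (or higher) permission that has no effect because the user's application role is below privateOnlyRole.

```python
# Added illustration: a model of the rules on this page, not Kaltura code.
ROLES = ["anonymousRole", "viewerRole", "privateOnlyRole", "adminRole", "unmoderatedAdminRole"]
PERMS = [None, "Member", "Contributor", "Moderator", "Manager"]

def _role_at_least(role, floor):
    return ROLES.index(role) >= ROLES.index(floor)

def _perm_at_least(perm, floor):
    return PERMS.index(perm) >= PERMS.index(floor)

def can_view(kind, privacy, role, perm=None, allow_anonymous=False):
    """kind: 'category' or 'channel'; privacy: 'open', 'restricted', 'private'."""
    if privacy == "private":
        return _perm_at_least(perm, "Member")      # only specific users
    if role != "anonymousRole":
        return True                                # any authenticated user
    # Anonymous visitors see only open categories, and only in Anonymous mode.
    return kind == "category" and privacy == "open" and allow_anonymous

def can_contribute(kind, privacy, role, perm=None):
    # The application role gates everything: below privateOnlyRole cannot upload.
    if not _role_at_least(role, "privateOnlyRole"):
        return False
    if kind == "channel" and privacy == "open":
        return True                                # open channel: all authenticated users
    if kind == "category" and _role_at_least(role, "adminRole"):
        return True                                # adminRole contributes to all categories
    return _perm_at_least(perm, "Contributor")

def ineffective_grants(rows):
    """Return (user, collection) pairs whose permission is Contributor or
    higher but whose application role blocks uploading."""
    return [(r["user"], r["collection"]) for r in rows
            if _perm_at_least(r["perm"], "Contributor")
            and not _role_at_least(r["role"], "privateOnlyRole")]

# Constructed sample data (not a real export; field names are hypothetical).
SAMPLE = [
    {"user": "alice", "role": "viewerRole", "perm": "Contributor", "collection": "Physics 101"},
    {"user": "bob", "role": "privateOnlyRole", "perm": "Manager", "collection": "Physics 101"},
    {"user": "carol", "role": "viewerRole", "perm": "Member", "collection": "HR Updates"},
]

if __name__ == "__main__":
    print(ineffective_grants(SAMPLE))
```
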

How does a user become a manager?

A user can become a manager in the following ways:

  • The End-User Entitlements CSV includes fields for assigning a manager, contributors, and member permissions for each user and channel.
  • An authorized user who creates a channel is assigned as the channel owner with managerial rights. An owner can add additional managers, contributors, and members to a channel.

How does a user join a channel?

An end user cannot join a channel. The sys-admin or channel manager must authorize the user. An authenticated user can access channels that are Open or Restricted.

Who can create a channel?

A user with a role that is defined as a channel creator can create a channel. You define the user roles that can create a channel. See Setting Permissions for Creating a MediaSpace Channel.

Who can delete a channel?

The following are authorized to delete a channel:

  • From MediaSpace: The channel owner/manager
  • From the KMC: A KMC admin