The CELUM Content permission system

These three principles for permissions allow CELUM Content to represent your organization's real-world employee hierarchy and privileges in a highly granular and efficient way.

General user types

In the CELUM Content help, users with different permission levels are simplified in three types who have access to different functions:

Consumer: Consumer users are normally only able to consume content, i.e. view, search and download it. Consumers users can neither upload new assets nor edit any metadata, independent of their local role permissions.
Contributor: Contributor users have all the permissions of consumers or read-only users and can additionally contribute to CELUM Content, e.g. by uploading assets, creating/editing collections and editing metadata.
Power user: Power users normally have all global permissions and in most cases also super-administrator-permissions, which grant them unrestricted access to all features of the application. All role-based permissions take effect for administrators.

Which global permissions are there?

Global permissions manage access to global functions which are only assigned to the user and are not tied to any specific object.

Upload assets: Allows you to upload assets or asset versions to the system.	Manage Content Type Permissions: Allows you to set "View" and "Use" permissions for collection types and asset types.
View expired assets: Allows you to view assets whose validity date has expired.	Manage System Tasks: Allows you to execute system tasks, for example for system cleanup or asset imports.
Edit expired assets: Allows you to edit metadata of assets whose validity date has expired.	Change Password: Allows you to change your own user password.
Download expired assets: Allows you to download assets whose validity date has expired.	Users and User Groups: Allows you to add, restructure, or remove users and user groups.
Administer PINs from other users: Allows you to edit PIN Links from other users.	Super-Administrator: Allows you to access every feature in the system and override local permissions on collections.

Not all of these global permissions can be set for every user. CELUM Content users have specific technical types. These technical types automatically restrict some of the global permissions. Find out how the technical user type influences the global permissions in the Administrator Guide in the Customer Knowledge Base.

Content type permissions

A special case of global permissions are content type permissions, i.e. the permission to view or use a specific collection type or asset type. These permissions are tied to the specific asset type or collection type and assigned to users.

Collection type permissions are not granted by default

Users can't see any of the collection types in the application by default. A power user must explicitly grant them the permissions for each collection type that they want to see.

Which local role-based permissions are there?

Roles only manage access to actions which users can execute on specific objects in the system. They are tied to a specific object and assigned to users on each object.

For collections, any role can define access to the following actions: View: The ability to view a specific collection and/or its child collections.	For assets within permission-defining collections, any role can define access to the following actions: View: The ability to view an asset.
Manage Role Assignment: The ability to assign roles to users on a specific collection.	Versions: The ability to manage or add asset versions.
Add/Delete/Move node: The ability to add, delete, or move the current collection and/or its child collections.	Security Context: The ability to link an asset to another collection with different local permissions.
Add/Delete/Move asset: The ability to link, delete, or move assets to or from the current collection and/or its child collections.	PIN: The ability to create, update, or delete PIN Links on the asset. The ability to edit the asset's name and availability.
Use in Information Fields: The ability to reference the current collection in referencing Information Fields.	The ability to edit the asset's metadata, down to field level.
Manage Own PIN: The ability to create, update, or delete PIN Links on the current collection and/or its child collections.	Download Formats: The ability to download a given asset in a specific download format.
The ability to edit the collection's name, validation level, and icon. The ability to edit the collection's metadata, down to field level.	Original Download: The ability to download an asset of a specific file type in its original format. You can restrict the original download to specific file extensions.