Acorn Security Concepts
Acorn gives you complete control over which users can access which catalogs, and also what operations those users can perform on the catalogs they can access. This is achieved by creating appropriate Users, Roles and Groups and defining Permissions for them.
It is therefore important that, before creating a security configuration for Acorn, you understand these concepts.
Users
Everybody who requires access to Acorn must be allocated an individual user account and associated password. They will need this to log on to Acorn and access shared catalogs. An Acorn user is created by an administrator using the Acorn user admin panel.
Roles
Each user must be allocated at least one primary ‘Role’ (such as Editor, Producer, Logger etc.), plus any number of additional roles. The user’s roles determine what permissions that user will have in each Group that they are a member of. The primary role is used to determine certain UI settings.
Groups
A Group is used to gather together all the catalogs that belong to a single logical ‘production’. The precise meaning of a ‘production’ will depend on your organization’s business model, but might typically correspond to a particular client or project.
Each catalog can be assigned to a single Group (or is “unowned” and belongs to no group). Therefore, where a user has access to more than one group and creates a new catalog, the system needs to know which group the newly created catalog should be a member of. This is achieved by the user specifying which group they are currently working in (i.e. which “hat” they are wearing today) when they log on. The user can change their ‘current’ group at any time without logging off and back on.
There is a special predefined group, the System Group (with id 0), to which you can assign users if you want to give them access to all catalogs and groups throughout the system (perhaps they’re a manager, or the system administrator).
A “system administrator” can create new groups and edit anyone’s permissions. A “group administrator” can create new users and assign them to his or her groups only (and can also grant existing users of other groups access to his or her groups) but can’t create new groups or edit permissions for other groups.
Permissions
Having defined your users’ Roles and your Groups, you can then use Permissions to determine what access users with a given role have in each group. Permissions include such things as whether users with a particular Role are allowed to create or delete catalogs within a certain Group, and then whether they can create or delete clips within a catalog.
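The model described above can be sketched as a deny-by-default permission check. This is an added example, not Acorn code or its API: the permission names, role and group assignments and function names are hypothetical, and it assumes that a user's roles are combined and that permissions held in the System Group apply to every group and to unowned catalogs.

```python
from dataclasses import dataclass
from typing import Optional

SYSTEM_GROUP = 0  # predefined System Group id (from the page)

@dataclass
class User:
    name: str
    roles: set          # primary role plus any additional roles
    groups: set         # ids of the groups the user is a member of
    current_group: int  # the "hat" chosen at logon

@dataclass
class Catalog:
    name: str
    group: Optional[int]  # None models an "unowned" catalog

# Constructed sample data: (group id, role) -> permissions granted there.
PERMS = {
    (1, "Editor"): {"create_catalog", "create_clip", "delete_clip"},
    (1, "Logger"): {"create_clip"},
    (2, "Editor"): {"create_clip"},
    (SYSTEM_GROUP, "Producer"): {"create_catalog", "delete_catalog", "create_clip", "delete_clip"},
}

def allowed(user, perms, action, group_id):
    """Deny by default; grant if any role allows `action` in a group the user is in."""
    # Assumption: System Group permissions apply to every group and to unowned catalogs.
    for gid in (group_id, SYSTEM_GROUP):
        if gid is None or gid not in user.groups:
            continue
        if any(action in perms.get((gid, role), set()) for role in user.roles):
            return True
    return False

def switch_group(user, group_id):
    """Change the current group without logging off; membership is required."""
    if group_id not in user.groups and SYSTEM_GROUP not in user.groups:
        raise PermissionError(f"{user.name} is not a member of group {group_id}")
    user.current_group = group_id

def create_catalog(user, perms, name):
    """A new catalog is owned by the group the user is currently working in."""
    if not allowed(user, perms, "create_catalog", user.current_group):
        raise PermissionError(f"{user.name} may not create catalogs in group {user.current_group}")
    return Catalog(name, user.current_group)

alice = User("alice", {"Editor"}, {1, 2}, current_group=1)   # constructed users
bob = User("bob", {"Logger"}, {1}, current_group=1)
carol = User("carol", {"Producer"}, {SYSTEM_GROUP}, current_group=SYSTEM_GROUP)
```

Because the same role can carry different permissions in different groups, reviewing a configuration means checking each (group, role) pair, and keeping System Group membership to the few accounts that need system-wide access.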