CatDV Server Enterprise gives you complete control over which users can access which catalogs, and also what operations those users can perform on the catalogs they can access. This is achieved by creating appropriate Users, Roles and Production Groups and defining Permissions for them.
It is therefore important that, before creating a security configuration for CatDV Server, you understand these concepts.
Everybody who requires access to CatDV Server must be allocated an individual user account and associate password. They will need this to log on to CatDV Server and access shared catalogs. A CatDV user is created by an administrator using the CatDV user admin panel and is distinct from the operating system user.
Note that creating CatDV users and setting their permissions only controls access to the metadata held in the CatDV database. It does not prevent users physically accessing the media files if they have access to them via the file system.
Each user must be allocated a particular ‘Role’, such as Editor, Producer, Logger etc. The user’s role determines what permissions that user will have in each Production Group that they are a member of.
A Production Group is used to gather together all the catalogs that belong to a single logical ‘production’. The precise meaning of a ‘production’ will depend on your organisation’s business model, but might typically correspond to a particular client or project.
Each catalog can be assigned to a single Production Group (or is “unowned” and belongs to no group). Therefore where a user has access to more than one production group, and they create a new catalog, it is necessary for the system to know which production group a newly created catalog should be a member of. This is achieved by the user specifying which group they are currently working in (i.e. which “hat” they are wearing today) when they log on. The user can change their ‘current’ group at any time without logging off and back on.
There is a special predefined group, the System Group (with id 0), to which you can assign users if you want to give them access to all catalogs and groups throughout the system (perhaps they’re a manager, or the system administrator).
A “system administrator” can create new groups and edit anyone’s permission. A “group administrator” can create new users and assign them to his or her groups only (and can also grant existing users of other groups access to his groups) but can’t create new groups or edit permissions for other groups.
Having defined your user’s Roles and your Production Groups you can then use Permissions to determine what access users with a given role have in each production group. Permissions include such things as whether users with a particular Role are allowed to create or delete catalogs within a certain Production Group, and the whether they can create or delete clips within a catalog.
Differences from earlier versions
Roles are a new feature in CatDV 9. In earlier versions of CatDV permissions and group membership were directly assigned to individual users, which meant that any permission changes had to be applied to each user in turn to keep them in sync. When you first switch to the new client and server, new roles are created automatically based on the existing permissions and given a name starting with ‘##’. You should review and consolidate these roles and give them more meaningful names as required.
If necessary, you can keep the old permissions scheme by unchecking the “User roles” option in the Server Control Panel.