Digital Asset Management Terminology
FileSpin is a Cloud-based Digital Asset Management Solution. The following terms have specific and actionable meaning within FileSpin :-
Term | Definition |
---|---|
Asset | A File and it's Metadata. |
Asset ID | Each Asset will have an identifier called Asset ID which is unique (see UUID (RFC1422). |
Role | Defined as a set of permissions that allow associated actions within FileSpin |
User | A valid FileSpin account that has a Role |
What is an Asset
Asset is the main entity around which the whole world of FileSpin revolves. An asset comprises the content you want to manage and its associated metadata.
A simple way to remember what an Asset is:
ASSET = CONTENT + METADATA
CONTENT
is:-- Original file and
- One or more derivative content such as image conversions, video transcodes, etc
METADATA
is:-Core metadata
such as file size, image height/width, that cannot be updated by user, andCustom metadata
added by user
Who is a User
Access to FileSpin is through a User (a.k.a. User Account). A User Account provides login-based access to Web Dashboard and HTTP API access to FileSpin.
What is a User Role
The User Role determines the actions a User Account can perform within FileSpin. Each User has a Role assigned.
FileSpin provides the following system-defined user roles:-
Role ID | Role Name | Description |
---|---|---|
1 | ADMIN | Manage assets (create/upload, view, edit, download, distribute, delete, restore & purge), manage users (create, update and disable), manage global settings |
2 | MANAGER | Manage assets (create/upload, view, edit,download, distribute, delete, restore), manage their own settings |
3 | CREATOR | Create/upload, edit, download and distribute assets |
4 | USER | View and download assets |
When using a User's API Key or JWT to make API calls, developer must ensure the API call requests an authorized action as defined by the User's role. If an unauthorized API call is made, the API will return a 401 HTTP code.
What are User Permissions
Permissions are string tokens that define what actions a user is allowed to perform. Permissions are determined by User Role as below.
Role ID | Role Name | Permissions | Description |
---|---|---|---|
1 | ADMIN | CREATE_ASSET , DELETE_UNDELETE_ASSET , PURGE_ASSET , EDIT_ASSET , READ_ASSET , DISTRIBUTE_ASSET , UPDATE_SETTINGS , USER_ADMIN | Administer users, assets and settings, purge deleted assets |
2 | MANAGER | CREATE_ASSET , DELETE_UNDELETE_ASSET , EDIT_ASSET , READ_ASSET , DISTRIBUTE_ASSET , UPDATE_SETTINGS | Manage assets and update settings |
3 | USER | READ_ASSET | View and download assets |
4 | CREATOR | CREATE_ASSET , DELETE_UNDELETE_ASSET , EDIT_ASSET , READ_ASSET , DISTRIBUTE_ASSET | Upload assets and update settings |
What are User Groups
User Group comprises the set of Users created by a User Administrator. User Group allows a User Administrator to provide shared access to assets within a Group regardless of which user in that group created the asset.
Asset Access Security
Here is the heuristics FileSpin implements for securing Asset access using Users, Roles, Permissions and Groups:-
- All access is via API key or JWT (see Authentication for details)
- Assets are owned by the User who created it
- Asset operations that a User can is determined by the User's Role
- A User can access an asset only if atleast one of the below two conditions are met:-
- if the User created the asset or
- if the User has
Group Asset Access
setting enabled by User Administrator and one of their group members created the asset