The system makes it possible to create and configure asset access rules for a specific user, group of users or organization. 

 Access rules can be created by users who have Picvario Administrator permissions.

Creating Access Rules

To create an access rule, open the system admin panel.

Find the PERMISSIONS section. Click on the Rules subsection name or use the Change link.

In the list that appears, all existing access rules for your Picvario workspace will be displayed.

Click ADD RULE+ in the top right corner:

This opens the page for creating a new access rule:

Group fields:

• Name. The access rule name. This field is mandatory.
• Slug. Symbol code of the group. If you leave this blank when creating it, the field will be filled in automatically.
•  Filter by asset properties. The field specifies an access rule in JSON format. The rule can be specified by asset name, tags, public availability, properties. This field is mandatory.

Examples:

1. {} - the access rule applies to all assets, the field is considered blank.
2. {"title":"USA"} - the access rule applies to assets with the name USA.
3. {"prop__public": false} - the access rule applies to all non-public assets.

The value of the filter already entered by the administrator can be copied in JSON format if you enter the required filter in the drop-down menu of the advanced search for assets on the public page.

• User. The user to whom the rule will apply. Select an email address from the list. If you don't select an email, the rule will apply to all users.
• Group. The user group to which the rule will apply. Select the name of the group from the list. If you don't select user and group email, the rule will apply to all users.
• Owner. The user who created the rule. Select your email address from the list. This field is optional.
• Organizations. The organization to which the rule will apply. Select the name of the organization from the list.

With watermark perm. If Read perm is checked, the permission allows to view assets with watermarks.

View and download supporting file. The permission allows you to view and download supporting files.

Update perm. This permission allows the user/group/organization to edit the asset properties on the right sidebar.

Delete perm. The delete permission allows the user/group/organization to delete assets.

Can create direct links perm. This permission allows creating direct links to assets and collections.

Export download perm. The export permission allows the user/group/organization to download the original high-resolution asset.

Export Export FTP perm. The permission allows the user/group/organization to export assets to FTP servers.

Workflow perm. The permission allows the user/group/organization to run system workflows.

If a user/group/organization of users has multiple permissions to access the same assets, they all apply.

• Is system: this means that the access rule is not a system rule. You can only create non-system access rules. Access rules marked with the is_system flags are pre-configured for correct functioning of the system.

   By default, all new users get into the Unverified group with read with watermark permissions.

System access rules

There are two access rules in Picvario: Public and Owner.
The Public rule defines access rights for unauthorized users. By default, this is the right to view public assets.
The Owner rule defines access rights for the owner of the asset (the user who uploaded it). By default, this is the full set of rights.

Creating import permission

Import permission allows users to upload files into the system. To create import rule for a group of users go to Home › Authentication and Authorization › Groups. Choose the necessary group by clicking on it. In the Functional Permissions window find content | asset | Can import and click the right arrow to move the rule to the Chosen permissions.

Press Save.

To create import rule for a single user go to Home › Users › Users. Choose the user by clicking on it, locate the Functional permissions window and repeat the actions above.

Working with collections permission

By default, a user can work only with the collections they created (for example, during the asset import process). To work with common and public collection, users need special permission.

The permission can be set up for both a group and an individual user. 

The permission setting for a group is controlled in the admin panel -Home → Authentication and Authorization → Groups. Choose the necessary group by clicking on it. In the Functional Permissions window find content | collection | Can work with common collections  and content | collection | Can work with common and public collections and click the right arrow to move the rule to the Chosen permissions.

Press Save.

Actions that can be taken with different settings: 

- You can create and work with your own collections, 

- You cannot change the collection to public or common,

- You cannot add or remove assets from common and public collections,

- Cannot change the main asset in common and public collections. 

Owner of a collection WITH common PERMISSION: 

- You can make your collection common,

- You can work with common collections (edit properties and delete),

- You can add or remove assets from common collections,

- You can change the main asset in common collections, 

- You cannot change the collection type to public.

Owner of a collection WITH common AND PUBLIC PERMISSION: 

- You can make your collection public or common,

- You can work with common collections (edit properties and delete),

- You can work with public collections (edit properties and delete),

- You can add or remove assets from common and public collections,

- You can change the main asset in common and public collections. 

The administrator can:

- See all collections, including other users' private collections,

- Work with all collections,

- Filter collections, include and exclude other users' private collections. To do this, use the filter as shown in the screenshot below.

To create import rule for a single user go to Home › Users › Users. Choose the user by clicking on it, locate the Functional permissions window and repeat the actions above.

Rights to work with linked assets

Read the article about linked assets.
The rights to work with linked assets for a group of users are defined in the Home > Authentication and Authorization > Groups section.
To grant the right, find the desired group in the list, click on it. In the window that opens, in the Functional Permissions section, find content | asset | Can view linked assets and content | asset | Can edit links between assets and click the right arrow to move the rules to the Chosen permissions window.

Click Save.
Viewing linked assets gives you the right to view linked assets.
Editing links between assets gives you the right to create links between assets and unlink them.