Other Topic Library Versions

GV STRATUS security considerations

Take the following into consideration when configuring GV STRATUS security.

  • If the permission on an asset does not allow you to read the asset, the GV STRATUS system hides the asset from you and does not return the asset in your search results. This behavior is different than the Windows operating system, in which a file is visible even if no permissions are allowed.
  • Bins inherit permissions as follows:
    • When creating a bin, the bin automatically inherits the permissions of its parent bin.
    • When changing permissions on a bin, permissions are not recursive. Sub-bins do not inherit the changed permissions of parent bins. This is true even if Apply Permissions to All Contained Assets is selected.
  • Deny permissions take precedence over Allow permissions. Use Deny permissions sparingly as they can cause confusion with group permissions. For example, if a specific user is assigned Deny permissions, then those permissions override the permissions that are otherwise allowed for the group to which the user belongs. This then requires the system administrator to manage access control for specific users, rather than being able to manage access control for groups, which is a recommended best practice.
  • Owners automatically have Read, Write, and Delete permissions. These permissions take precedence over any Allow or Deny permissions that might be set otherwise. Owners also have security options while copying/moving/sending assets and creating/deleting/updating markers and segments.
  • If you want to copy assets, read permissions on the (source) asset and write permissions on the destination are required.
  • Consider the tools and workflow required for user accounts affected by changes in security settings. If GV STRATUS security is enforced, your credentials must give you adequate permissions. If permission is restricted, buttons, list items, and other controls can be disabled or hidden. Bins, assets, and metadata that do not have read permissions are not visible. Markers and segments permissions must be set to Allow in order to create, update, or delete markers and segments.
  • The following roles allow user operations similar to the way GV STRATUS system access permissions allow user operations:
    • Delete Rights
    • Move Rights
    • Rename Bin Rights
    • Rename Asset Rights
    To allow/deny user operations using access permissions only, ensure that all user accounts are assigned the above roles.
  • Access to assets on a remote site is limited to read-only, regardless of other permission settings. Therefore, only read not allowed or read denied effect access to remote assets. Modify and delete permissions have no effect.
Parent topic: Security

Copyright © 2018 Grass Valley Canada. All rights reserved. GV STRATUS 6.5 gvtp_20181001_01:18:31