Assigning Permissions to Folders

Permissions in BAM! are granted at the folder level, and allow a great deal of flexibility in how users access and work with content stored in the DAM.  To make this more understandable, we use the concept of privileges to assign a set of aligned permissions, rather than treat them all separately.  The privileges may be assigned to groups or individuals, depending on the desired outcome.

Privileges

Each privilege described here can be assigned at folder level to a user or group separately, or in combination with others to achieve the required level of permissions:

  • Traverser — a user with the Traverser role on a folder may navigate through the folder to access subfolders but will be unable to view any content in the folder.  This is necessary when greater access is granted farther down in the folder structure.
  • Viewer — this role provides only read-only access to the contents of a folder.  A user may view assets, but will not be permitted to edit them or add new content.  
  • Mobile User — the Mobile User role gives unrestricted view access to all folders and assets in the MST endpoint.  By default, this user will not have access to the library.  
  • Creator — the Creator role is limited to adding new content, either by uploading it or using one of the builders.  The Creator may also view existing content, but cannot edit or delete it.
  • UGC Creator — User-Generated Content Creators are MST users that are allowed to create and upload content from their mobile devices.
  • Editor — Editors can create new assets and edit or delete existing ones.  This includes image cropping, editing names, descriptions, or tags, moving assets or copying them and removing them from the DAM.
  • Publisher — the Publisher role does not inherit the permissions granted to the Editor role.  Instead, the Publisher is permitted to publish content to an endpoint, like the Mobile Sales Tool.  Publishing requests still need to be approved, but the Publisher determines where content will be delivered, and may set appropriate permissions and create folders in an endpoint to accomplish this.
  • Approver — Like the Publisher, this is a special role used for BAM!’s publishing workflow.  Once a publishing request has been submitted, the approver is notified via email or in-app notification and may review the content and endpoint location to verify it is correct.  Approvers may approve or deny publishing requests and provide feedback to the publisher when necessary.
  • Content Admin — This role has full administrative control over all content in the DAM.  Content Admins may create, edit, and delete assets, set permissions, publish, and approve content. This role should be applied carefully since they have very few limits on what they can do.
  • Admin — This role has full control over all of the Settings in the DAM, but no control over content.  You must have the Admin role enabled to view or modify the Settings & Permissions menus, and only an Admin can invite & add new users.

For a full list of the actions each role can perform, click Settings in the top navigation bar, then click Privileges on the left.  The displayed grid contains all permissions as they exist in BAM!:



Setting Folder Permissions

To set permissions on a folder, right-click it within the directory pane and select Set Permissions:



In the Set Folder Permissions dialog box, you may add groups or users, then assign them permissions for that particular folder.  When you open a folder's permissions it will default to the user view. Initially, folders do not start with any permissions set at the user level, and will display a relatively blank page when opened for the first time:



Clicking the Add a User dropdown box will allow you to choose individual users to whom you can apply permissions specific to the folder you have selected:



Applying folder permissions to a group instead of an individual user is just as intuitive.  The Add a Group dropdown box will allow you to assign specific folder permissions to any groups that your organization has defined:



You can modify a user's or a group's permissions at any time by right-clicking on the folder again, clicking Set Permissions and the checking or unchecking the desired permissions and clicking OK. You can remove a user or group entirely from a folder's permissions by checking the box in front of that user's or group's name and clicking on the Remove Selected button:



NOTE: a new folder will inherit the permissions of its parent folder, but existing folders will not be updated automatically when the parent’s permissions change.  For this reason, it is important to plan both the folder structure and accompanying permissions/roles at the same time.  It is much easier to set permissions on a root folder and then create all of the subfolders than it is to do it afterward.  

Editing Group Permissions

BAM's user permissions can also be managed by an Admin through group permissions. Under the Groups setting of the Permissions Settings you can see all of your organization's active groups, with a description of the group's purpose and a listing of all the members of each group.  By default, there is a System Group that matches up with each of the privileges listed above.  Clicking on the Edit icon will allow you to move users into or out of those particular system groups, giving or removing those particular privileges:



Content Admins can also set the permissions by editing the group from within the Groups Permissions Settings.  Clicking on the Edit icon will open the group's detail page, from which the group's name, description and membership can be modified, and clicking on the Permissions tab will allow you to assign that group specific permissions to particular folders within the BAM! Library and the Mobile Sales Tool:



Editing User Permissions

Admins can assign permissions to a particular user by clicking on the Edit User button next to the user whose permissions you wish to modify from within the Users tab of the Permissions Settings:



Within the Edit User page you can modify a user's name, enable or disable their status as an administrator, as well as manage what groups they belong to. You can search through the Available Groups & Selected Groups using specific, partial terms or even a single letter :



If you have Admin privileges, clicking the Permissions tab will allow you to modify a user's permissions for particular folders within the BAM! Library and the Mobile Sales Tool:



NOTE:  An individual's permissions are meant to be additive, not restrictive.  A higher level of group or folder permissions that apply to a particular user will allow that user to access the applicable folders and assets regardless of their individual permission settings, and likewise any of a user's individual permission settings at a higher level than those of whatever groups they belong to will take precedence when determining folder access.