Why do I need permissions and roles in DAM?

By Henrik de Gryor on Another DAM blog (about Digital Asset Management)
Link to original post : http://anotherdamblog.wordpress.com/2009/09/28/why-do-i-need-permissions-and-roles-in-dam/
September 28th, 2009

Any Digital Asset Management (DAM) solution worth implementing across an organization should have the following:

• The ability to assign permissions or access to various tasks in the DAM. This includes permission to:
  • access assets and/or collections in the DAM
  • preview assets in the DAM
  • add/append/edit metadata to the assets in the DAM
  • upload assets to the DAM
  • download assets with transformations from the DAM
  • order assets (such as licensed assets in the DAM)
  • delete assets in the DAM
  • version assets in the DAM
  • report on assets in the DAM
  • do specific tasks with these assets from the DAM

• The ability to assign roles or groups of people who share the same permissions to do things in the DAM. At the very least, there should be at least a few roles available to assign any user of the DAM:
  • Administrator role often has full control of the DAM and is empowered with full permissions to do anything necessary including configurations.
  • Regular user role usually has limited permissions to do specific things such as preview assets and maybe download assets directly from the DAM.
  • If you wanted to expand to a third role, there is often a power user role. Typically, power users can do more than the average user, but less than the administrator. Often, a power user can upload assets to the DAM.

Depending on who in your organization is supposed to access what collections of assets and be able to do specific tasks with these assets, you may want to create a role which meets each criteria. Why use roles/groups rather than grant each individual user specific permissions one at a time? Well, how many DAM users do you have? Roles are a simple way to bunch groups of users together who need the same permissions. This way, permissions are granted in a uniform manner to users who fall in a specific user role. This can speed up the process of adding a new user or editing their permissions, instead of visiting each collection and permission for each individual user throughout the DAM.

• You could have user roles which can preview (read-only) specific collections of assets, but not other collections.
• You may have roles which can preview, edit, upload and download assets but not delete assets (such as your power user role).
• You may want a role which can preview and download from only one collection of assets relative to their job function because they often need to use or refer to just these assets.

I would not recommend allowing all users to have all permissions to do everything in the DAM (aka free for all) because that often leads to a lot of inconsistencies, accidents and chaos, particularly deletion.You probably had that before you had a DAM. So, why go back to those times? Do you miss the chaos and headaches for some reason? The idea here is to empower users within each user role to be able to access/do/see what they need in the DAM for their job function. Unless assets are restricted for specific uses or for specific eyes only, there is little reason to limit the access to previewing assets in the DAM, but it is up to the administrator and their management to decide what level of access should be granted to whom. If a user needs to access/do/see more (and is permitted to), permissions and roles can be changed by an administrator to allow more access and usability to users of the DAM.

How do you use permissions and roles within your organization’s DAM?