Access Filters allow an Administrator to deny a group access to assets tagged with certain custom attribute values. They can be used in tandem with your existing permissions to fine-tune access control or help simplify a complex folder structure. Once an asset has been hidden via an Access Filter, it will not be accessible to members of the specified group in any way, including search, internal sharing, direct URL, or API.
How it works
For example, you have a large set of images that a Marketing group cannot have access to, because their licensing is restricted. These images are spread throughout multiple folders that Marketing currently has access to. Instead of trying to change permissions on these individual assets or move them all into a single restricted folder, you can simply create an Access Filter for the Marketing group that hides any assets tagged with the value Restricted for an attribute called License.
Controlling access via attribute data is powerful; once Access Filters are configured, it means that you can immediately change asset visibility to certain groups by editing metadata:
- Upon upload, by setting attribute data
- Via bulk editing using the Quick Edit panel, Grid Editor, or Attribute Data Upload
- Using advanced automation and integration tools such as Embedded Metadata Sync, AutoTask, the Public API, or Data Source Sync
Creating an access filter
To create an access filter, select the group to hide assets from and specify the attribute and values to filter.
Only Pulldown, Multi-select, or Tag (vocabulary) attribute types can be used with Access Filters.
- Use the Systems button found along the left-hand navigation sidebar to access the systems area.
- Navigate to Groups.
- Click the action menu for the chosen group and choose Access Filters.
- Choose an attribute and values. To remove selected attributes, use the X button.
- When finished making your selection, click Submit.
- Once the filter is created, any assets tagged with the values you selected will no longer be visible to the group's members.
Editing an access filter
Once Access Filters are created, a lock button will appear in the Access filters column for the group.
- Use the Systems button found along the lefthand navigation sidebar to access the systems area.
- Navigate to the Groups tab.
- Click the Access filter (lock) button, or select Access filters from the group's action menu.
- Edit attributes and values as desired, then click Submit when finished.
Deleting an access filter
- Use the Systems button found along the lefthand navigation sidebar to access the systems area.
- Navigate to the Groups tab.
- Click the Access filter (lock) button, or select Access filters from the group's action menu.
- To delete filters, click the X button next to each filter.
- Click Submit when finished.
Notes
- Access filters are cumulative. A user in multiple groups will be subject to all of the groups’ filters. In the case where filters conflict, the most restrictive setting takes precedence.
- When multiple values are chosen for an Access Filter, or multiple Access Filters are applied to a group, assets tagged with any of the selected values are hidden from the group.
- Access Filters do not affect Administrators, even if they are members of a group that has a filter applied.
- Directors cannot manage Access Filters or remove themselves from a group that has Access Filters applied.
- Access Filters don't prevent users from editing metadata on assets. To stop users from removing values that are used in your Access Filters, we recommend setting minimum user levels on the attributes in your filter definition.
- You cannot delete attributes or value options that are used in an Access Filter until you remove them from the filter definition.
- Unlike Permissions entries, Access Filter visibility changes are immediate and do not require reindexing.