Capture Agent Access Control
Opencast allows restrictions considering what a user or group of users can do with capture agents to be configured.
This is no security feature and does not guarantee that users cannot access any of the functionality.
There are three kinds of access restriction levels:
- Unrestricted Access: Full access to all capture agents
- Restricted Access: No access to any capture agent
- Selective Access: Selected access to a subset of capture agents
Unrestricted Access
Users that have the global administration role (ROLE_ADMIN
) or the organization administration role
(value depends on configuration) always have access to all capture agents.
Restricted Access
Unprivileged users by default have no permission to modify anything that is relevant to control capture agents. Those users cannot:
- Edit scheduling information of scheduled events (Events->Event Details->Scheduling is read-only)
- Edit workflow configuration of scheduled events (Events->Event Details->Processing is read-only)
- Schedule new events (Events->Add Event->Source will only allow upload)
- Delete scheduled events (Events->Actions->Delete and Events->Action->Delete)
- Remove capture agents (Locations->Locations->Action->Remove)
Selective Access
It is possible to selectively allow specific users or groups of users to access subsets of capture agents.
Each capture agent has a role which is derived from its id by removing all non-alphanumerical characters and
prepending the prefix ROLE_CAPTURE_AGENT_
.
If a user with restricted access owns the roles of a set of given capture agents, the user has selective access
to those capture agents.
Example
- Capture agent ID:
OpencastsCaptureAgent
- Derived role:
ROLE_CAPTURE_AGENT_OPENCASTSCAPTUREAGENT
If the user Bob with restricted access has the role ROLE_CAPTURE_AGENT_OPENCASTSCAPTUREAGENT
, Bob is allowed
to control the capture agent with the id Opencast's Capture Agent
.