Capture Agent Access Control

Opencast allows restrictions considering what a user or group of users can do with capture agents to be configured.

This is no security feature and does not guarantee that users cannot access any of the functionality.

There are three kinds of access restriction levels:

Unrestricted Access

Users that have the global administration role (ROLE_ADMIN) or the organization administration role (value depends on configuration) always have access to all capture agents.

Restricted Access

Unprivileged users by default have no permission to modify anything that is relevant to control capture agents. Those users cannot:

Selective Access

It is possible to selectively allow specific users or groups of users to access subsets of capture agents.

Each capture agent has a role which is derived from its id by removing all non-alphanumerical characters and prepending the prefix ROLE_CAPTURE_AGENT_. If a user with restricted access owns the roles of a set of given capture agents, the user has selective access to those capture agents.

Example

If the user Bob with restricted access has the role ROLE_CAPTURE_AGENT_OPENCASTSCAPTUREAGENT, Bob is allowed to control the capture agent with the id Opencast's Capture Agent.