Subaccount permissions for playlist/devices

andrea · June 6, 2024, 7:50am

I’ve created subaccounts for testing and I’ve had a look at the ACL, but I can’t see if I can allow a user to see/edit only a specified playlist/device.
Thanks!

Edit: What if 2 users edit the same playlist at the same time?

infobeamer-fw · June 6, 2024, 12:17pm

When only allowing access to a selected number of playlists/devices, the following might be helpful: Create a policy that only allows access to a selected number of playlists like this:

{
  "Statements": [
    {
      "Action": ["asset:list", "playlist:list", "playlist:preview", "timespec:preview"],
      "Effect": "allow"
    }, {
      "Action": ["playlist:detail", "playlist:update:list"],
      "Condition": {
        "NumericEquals": {
          "playlist:id": [1234, 4567]
        }
      },
      "Effect": "allow"
    }
  ],
  "Version": 1
}

The values in playlist:id must be the playlist where you intend to allow write access. You can see the id in the url when you visit a playlist’s detail page.

What exactly do you intend to allow when you say “edit a device”? I guess they shouldn’t be allowed to delete or reboot it? If you only want to allow them to view the details of a selected list of devices, you can use the following policy:

{
  "Statements": [
    {
      "Action": "device:list",
      "Effect": "allow"
    }, {
      "Action": ["device:detail", "device:detail:*"],
      "Condition": {
        "NumericEquals": {
          "device:id": [1234, 4567]
        }
      },
      "Effect": "allow"
    }
  ],
  "Version": 1
}

The ids should again be the device ids (you see them in the url when you visit a device’s detail page).

Use these policy together within an ACL and assign that to the access you’ve create for another account. They will then be able to list device/assets and playlists, but only view the details of the specified devices and be able to view and edit the selected playlists.

infobeamer-fw · June 6, 2024, 12:20pm

Right now last to save wins. I think it should not be too difficult to add a detection mechanism that can optionally warn in that case.

For playlists, it might be worth looking into the “dynamic search” feature playlists offer. This allows a playlist to be automatically assembled from various conditions matching your assets. You can for example add all landscape image assets from a specific folder. Each time a users uploads a matching asset, the playlist automatically reflects that after a few seconds. In that case, concurrent uploads or deletions don’t matter and can happen at the same time.

andrea · June 6, 2024, 1:45pm

Thanks, useful information!