Transcript Slide 1
Delegating Mediasite Management Using Roles and Advanced Access Permissions 19-05-2010 Patrick Klaassen Background • 6 Faculties and some Institutions • To a Large extent autonomous • Each responsible for capturing their own Lectures • Local Support Organizations (E-Learning Teams) • About 40 people in total • Central E-learning Department: Project Management & Coordination Challenge How to implement Mediasite in Such a Way that every Faculty is fully in control of its own Lecture Capture Process? Giving 40 people in a controlled way Administrator Access to the Mediasite Management Portal Maximum Rights Control the damage that can be caused by local Admins Mediasite Management Strategy Each Institution should be able to fully Manage it’s own: Presentations Schedules Part of the Catalog Templates Players Poll Templates Presenters Recorders Encoding Profiles Mediasite Management Strategy Each Institution should be able to fully Manage it’s own: Presentations Presentations Schedules Templates Schedules Templates Part of the Catalog Part of the Catalog Presenters Presenters Recorders Recorders Players Players Poll Templates Poll Templates Encoding Profiles Encoding Profiles Mediasite Autorization Model One Many User Group Role Permission Allow/Deny Mediasite Autorization Model One Many User Group Role Permission Allow/Deny View/Read/Write/Execute/Moderate - Operations - Portal Resources - Catalog - Encoding Profiles - Players - Presenters - Folder Security Mediasite Autorization Model One Many User X Group Shortcomings: • You can NOT add both Mediasite Groups and LDAP Groups / LDAP Users to a Role • You can NOT add more than ONE LDAP User or Group to a Role Permission Role [OR] One LDAP User One LDAP Group Allow/Deny Implementing Groups and Roles Implementing Groups and Roles Determine what Groups and Roles you need in order to delegate Admin Tasks to Groups of Users Template Faculty Admin Good Practice If You have many Roles with the same standard permissions => create a Template Role and assign the common permissions to this Role. When creating a new Role you can copy the standard Permissions from the Template Role. Faculty Admins Each Institution has it’s own Admin Group/Role Recorders For each RL Recorder a seperate user is created and placed in this Group to restrict the permissions of the recorder users Implementing Permissions 1. Operations Implementing Permissions 1. Operations: determine which Roles may perform what Admin Operations Template Admin & Faculty Admins Recorder Role Create Encoding Profile Manage Reports None Create Folders Publish To Go Create Players Search Directories Create Presentations Create Presenters Implementing Permissions 1. Operations: determine which Roles may perform what Admin Operations Template Admin & Faculty Admins Recorder Role Create Encoding Profile Manage Reports None Create Folders Publish To Go Create Players Search Directories Create Presentations Create Presenters Implementing Permissions 1. Operations: determine which Roles may perform what Admin Operations Template Admin & Institution Admins Recorder Role Create Encoding Profile Manage Reports None Create Folders Publish To Go Create Players Search Directories Create Presentations Create Presenters Implementing Permissions 1. Operations: determine which Roles may perform what Admin Operations Template Admin & Institution Admins Recorder Role Create Encoding Profile Manage Reports None Create Folders Publish To Go Create Players Search Directories Create Presentations Create Presenters Implementing Permissions 1. Operations: determine which Roles may perform what Admin Operations New Role => Add that Role manually to all Required Operations Template Admin & Faculty Admins Recorder Role Create Encoding Profile Manage Reports None Create Folders Publish To Go Create Players Search Directories Create Presentations Create Presenters Implementing Permissions 1. Operations: determine which Roles may perform what Admin Operations New Role => Add that Role manually to all Required Operations By this time you probably forgot what Permissions you need to assign Template Admin & Faculty Admins Recorder Role Create Encoding Profile Manage Reports None Create Folders Publish To Go Create Players Search Directories Create Presentations Create Presenters Implementing Permissions 1. Operations: determine which Roles may perform what Admin Operations For This Purpose => Assign Common Permissions to a Template Admin Role Template Admin & Faculty Admins Recorder Role Create Encoding Profile Manage Reports None Create Folders Publish To Go Create Players Search Directories Create Presentations Create Presenters Implementing Permissions 1. Operations: determine which Roles may perform what Admin Operations Create a new Group/Role Template Admin & Institution Admins Recorder Role Create Encoding Profile Manage Reports None Create Folders Publish To Go Create Players Search Directories Create Presentations Create Presenters Implementing Permissions 1. Operations: determine which Roles may perform what Admin Operations Select Copy Permissions From Role => Template Role Template Admin & Institution Admins Recorder Role Create Encoding Profile Manage Reports None Create Folders Publish To Go Create Players Search Directories Create Presentations Create Presenters Implementing Permissions 1. Operations: determine which Roles may perform what Admin Operations Select Copy Permissions From Role => Template Role New Admin Role Automatically Receives Recorder Role Template Admin & Institution Admins Right Operations Permissions None Create Encoding Profile Manage Reports Create Folders Publish To Go Create Players Search Directories Create Presentations Create Presenters Implementing Permissions 2. Portal Resources Implementing Permissions 2. Portal Resources: determine which Roles may see what Areas (tabs / dropdowm men options) in the Management Portal Template Admin & Faculty Admins Recorder Role All , EXCEPT => None Application Settings FTP Management Server Group Management System Management User Management Implementing Permissions 2. Portal Resources: determine which Roles may see what Areas (tabs / dropdowm men options) in the Management Portal Template Admin & Faculty Admins Recorder Role All , EXCEPT => None Application Settings FTP Management Server Group Management System Management User Management Implementing Permissions 2. Portal Resources: determine which Roles may see what Areas (tabs / dropdowm men options) in the Management Portal Recorder users No Access to Management Portal at all Template Admin & Faculty Admins Recorder Role All , EXCEPT => None Application Settings FTP Management Server Group Management System Management User Management Implementing Permissions 3. System Policies Implementing Permissions 3. System Policies: determine wich default permissions are applied when New Objects are created Template Admin Role None System policiy permissions are NOT copied when copying permissions from a Role ALL Faculty Admin Roles Recorder Role Write Permission for: Read Permission for: Encoding Profile Encoding Profile Encoding Profile Player Schedule Template Player Presentation Template Missing – System Policy for: Presenter User Managemen Poll Templates Presenter Implementing Permissions 3. System Policies: determine wich default permissions are applied when New Objects are created Template Admin Role None System policiy permissions are NOT copied when copying permissions from a Role ALL Faculty Admin Roles Recorder Role Write Permission for: Read Permission for: Encoding Profile Encoding Profile Encoding Profile Player Schedule Template Player Presentation Template User Managemen Presenter Why? Presenter Implementing Permissions 3. System Policies: determine wich default permissions are applied when New Objects are created Template Admin Role None System policiy permissions are NOT copied when copying permissions from a Role Default Permissions ALL Institution Admin Roles Recorder Role Write Permission for: Read Permission for: Encoding Profile Encoding Profile Encoding Profile Player Schedule Template Player Presentation Template User Managemen Presenter Why? Presenter Implementing Permissions 3. System Policies: determine wich default permissions are applied when New Objects are created Template Admin Role None System policiy permissions are NOT copied when copying permissions from a Role Default Permissions ALL Institution Admin Roles Recorder Role Write Permission for: Read Permission for: Encoding Profile Player Presentation Template User Managemen Presenter ONLY the Owner (which is a single user) Encoding Profilecan See and Edit the Object Encoding Profile after creating a new Object. These are Schedule Template Player INVISIBLE for everyoune Else! Why? Presenter Implementing Permissions 3. System Policies: determine wich default permissions are applied when New Objects are created Template Admin Role Default Permissions With custom system None System policiy permissions policy are NOT.... copied when copying permissions from a Role ONLY the Owner (which is a single user) can See and Edit the Object after creating a new Object. These are INVISIBLE for everyoune Else! ALL Institution Admin Roles Recorder Role Write Permission for: Read Permission for: Encoding Profile Encoding Profile Encoding Profile Player Schedule Template Player Presentation Template User Managemen Presenter Why? Presenter Implementing Permissions 3. System Policies: determine wich default permissions are applied when New Objects are created Template Admin Role Default Permissions With custom system None System policiy permissions policy are NOT.... copied when copying permissions from a Role ONLY the Owner (which is a single user) can See and Edit the Object after creating a new Object. These are INVISIBLE for everyoune Else! ALL Institution Admin Roles Recorder Role Write Permission for: Read Permission for: Encoding Profile Encoding Profile Player Schedule Template Presentation Template User Managemen Presenter Why? Encoding Profile Risky? Player Presenter Implementing Permissions 3. System Policies: determine wich default permissions are applied when New Objects are created Template Admin Role Default Permissions With custom system None System policiy permissions policy are NOT.... copied when copying permissions from a Role ONLY the Owner (which is a single user) can See and Edit the Object after creating a new Object. These are INVISIBLE for everyoune Else! ALL Institution Admin Roles Recorder Role Write Permission for: Read Permission for: Encoding Profile Encoding Profile Player Schedule Template Presentation Template User Managemen Presenter Why? Encoding Profile Risky? Player Presenter Luckilly not that much.... Implementing Permissions 3. System Policies: determine wich default permissions are applied when New Objects are created Template Admin Role Default Permissions None System policiy permissions are NOT copied when copying permissions from a Role Object can NOT be deleted when in use ONLY the Owner (which is a single user) can See and Edit the Object after creating a new Object. These are INVISIBLE for everyoune Else! ALL Institution Admin Roles Recorder Role Write Permission for: Read Permission for: Encoding Profile Encoding Profile Player Schedule Template Presentation Template User Managemen Presenter Why? Risky? Encoding Profile Player Presenter Luckilly Not that much.... Implementing Permissions 4. Folder Security Implementing Permissions 4. Folder Security: determine Folder structure and Access Permissions to Folders All Faculty Admin Roles Read Permission on Root Folder (Presentations) Individual Faculty Admin Roles Write Permission on own folder Read/Write Permissions on some other Folders Template Admin Role Read/Write Permissions on ALL Folders that all Admins have in common Folder permissions are copied when copying permissions from role! DO NOT copy from an existing Institution Admin Recorder Role Write Permissions on All Folders Mediasite Admin Implementing Permissions 4. Folder Security: determine Folder structure and Access Permissions to Folders All Faculty Admin Roles Read Permission on Root Folder (Presentations) Individual Faculty Admin Roles Write Permission on own folder Read/Write Permissions on some other Folders Template Admin Role Read/Write Permissions on ALL Folders that all Admins have in common Folder permissions are copied when copying permissions from role! DO NOT copy from an existing Institution Admin Recorder Role Write Permissions on All Folders Mediasite Admin Faculty Admin Implementing Permissions 4. Folder Security: determine Folder structure and Access Permissions to Folders All Faculty Admin Roles Read Permission on Root Folder (Presentations) Individual Faculty Admin Roles Write Permission on own folder Read/Write Permissions on some other Folders Template Admin Role Read/Write Permissions on ALL Folders that all Admins have in common Folder permissions are copied when copying permissions from role! DO NOT copy from an existing Institution Admin Recorder Role Write Permissions on All Folders Mediasite Admin Faculty Admin Implementing Permissions 4. Folder Security: determine Folder structure and Access Permissions to Folders All Faculty Admin Roles Read Permission on Root Folder (Presentations) Individual Faculty Admin Roles Write Permission on own folder Read/Write Permissions on some other Folders Template Admin Role Read/Write Permissions on ALL Folders that all Admins have in common Folder permissions are copied when copying permissions from role! DO NOT copy from an existing Institution Admin Recorder Role Write Permissions on All Folders Mediasite Admin Faculty Admin Implementing Permissions 4. Folder Security: determine Folder structure and Access Permissions to Folders All Faculty Admin Roles Read Permission on Root Folder (Presentations) Individual Faculty Admin Roles Write Permission on own folder Read/Write Permissions on some other Folders Template Admin Role Read/Write Permissions on ALL Folders that all Admins have in common Folder permissions are copied when copying permissions from role! DO NOT copy from an existing Institution Admin Recorder Role Write Permissions on All Folders Mediasite Admin Faculty Admin Implementing Permissions 5. Catalog Implementing Permissions Implementing Permissions 5. Catalog: determine structure and set Access Permissions 1 Catalog not linked to Presentation Folder Subfolder for Each Institution All Faculty Admin Roles Write Permission on Root Catalog Folder (5.0.5) Risky! Risky! Risky! Risky! Risky! Individual Faculty Admin Roles Write Permission on own folder Mediasite Admin Implementing Permissions 5. Catalog: determine structure and set Access Permissions 1 Catalog not linked to Presentation Folder Subfolder for Each Faculty All Institution Admin Roles Write Permission on Root Catalog Folder Individual Institution Admin Roles Write Permission on own folder Mediasite Admin Implementing Permissions 5. Catalog: determine structure and set Access Permissions 1 Catalog not linked to Presentation Folder Subfolder for Each Institution All Faculty Admin Roles Write Permission on Root Catalog Folder Individual Faculty Admin Roles Write Permission on own folder Institution Admin Presentation Explorer Catalog Conclusion How suited is Mediasite (5.0.5) for fully Delegated Administration? Presentations Schedules Catalog Templates Players Poll Templates Presenters Recorders Encoding Profiles Conclusion How suited is Mediasite (5.0.5) for fully Delegated Administration? Mediasite is well on it’s way !!! All the ingredients are there but most need to be developed a little further Presentations Schedules Catalog Templates Players Poll Templates Presenters Recorders Encoding Profiles Thank you for your Attention! [email protected]