Once the camera stops rolling, it requires monumental effort from a team of professionals to take that video through post-production to the final product.
During post-production, the video files will be reviewed, changed, shared, and saved by editors, artists, graphic designers, sound editors, members of the marketing and distributing teams, and many, many others.
In addition to the internal post-production team members, there’s also a multitude of external users that will need access to at least some of your files some of the time.
For example, on any given project, you may need to share the asset with freelance sound editors, VFX contractors, technology vendors, your clients, and other outside stakeholders that need to sign off on their portion of the project before it can officially be labeled as “done.”
With this many cooks in the proverbial kitchen, it is essential for the project administrator to control who can access which assets, what they can do with those assets, and when they can do it. This is where role-based provisioning comes in.
Why Role-Based Provisioning Is Important in Post-Production
Role-based provisioning keeps your workflow flowing and your content protected from theft, corruption, cyberattacks, unauthorized access, and even accidental file damage.
Although all of the different users have a legitimate need to access files and assets, not every user requires the same level of access. And it’s very likely that a given user won’t need the same access and user permissions for the entire post-production process.
To prevent overprovisioning and permissions misuse, users should only be granted the minimum amount of access needed to do their jobs.
Role-based provisioning lets administrators—and in some cases project owners—grant permissions on an as-needed basis. By customizing access for each user based on their specific role on a specific project during a specific time frame, it’s easier to control who is accessing files and footage at any point in the post-production process.
To prevent overprovisioning and permissions misuse, users should only be granted the minimum amount of access needed to do their jobs, and those user permissions should be revoked when the assignment is complete or after a predetermined amount of time. This helps prevent security and quality control issues due to vulnerabilities from unmonitored accounts and unauthorized access to critical systems and files.
How Shift Makes Role-Based Provisioning Intuitive and Customizable
Shift recognizes the importance of limiting and controlling access to video assets and files. We have prioritized access management and security by making role-based provisioning easy to implement and customizable to meet the needs of each project.
In Shift, roles are created by the administrator using custom user permissions templates. These roles govern the level of access a user has to a project.
For example, Shift administrators can assign role-based permissions that determine how a user can interact with a particular asset. For example, they may only be able to:
- Upload into assigned project rooms
- Share internally
- Manage and share but not delete or download
Users can be assigned different roles on different projects, which may grant the user more or less access to assets on each project. But if a user is not assigned a role on a project, they won’t have access to that project’s files and resources.
Account Level Permissions
There are three user types that determine account-level permissions:
This user has unlimited permissions. They are automatically added as a project owner on every project in the workspace, and only an admin may add and remove users in the workspace.
A manager is granted standard user permissions, but they also have the ability to create new projects. Creating a project automatically makes the manager the project owner (in addition to the administrator).
A user cannot create new projects, and they are limited to the default or custom roles assigned by a project owner.
At the project level, roles are used to define who can perform certain actions and who has access to which assets:
This role, which cannot be modified or deleted, can be either the user who creates a project or an administrator. The project owner has every project-level permission, and only project owners can delete a project, modify watermark settings, invite users to a project, or modify a user's role within a project.
These are premade roles that are available in every workspace. Default roles are based on industry or project needs, and they may be modified or deleted by an administrator as appropriate.
Shift’s default roles include:
- Uploader: view and create new assets
- Asset manager: create, view, edit, delete, and share assets internally
- Internal collaborator: view, edit, and share assets internally
- Public collaborator: create, view, edit, download, and share assets
Custom roles can be created in the Role Editor found on the Administration page. These roles are workspace-specific with custom permission selections assigned by the administrator. Custom roles are a good solution for team members who may need a unique set of permissions, for example:
- VFX artist
- Content Editor
Role-Based Provisioning in the Era of Remote Work
With post-production teams increasingly working from disparate locations and the rising risk of cyberthreats and other bad actors, using role-based provisioning to control who can access video assets and sensitive files is a common-sense security measure.
Download Shift’s Guide to Post-Production Workflows to learn more about how post-production is evolving in the era of remote work and how you can increase efficiency, productivity, and security no matter where your team is located.