Once you have created your 1st asset family and created your user groups, you can begin to define for each of these user groups if they will be able to display/edit this asset family and its data.
Permissions depending on the asset family
You can define which user groups can view or edit an asset family, its properties, its attributes, and its assets. There are three levels of permissions per asset family:
- not allowed to view
- allowed to view
- allowed to edit
These permissions apply to the API (asset, asset attribute, asset attribute option, and asset family endpoints) but not to the asset import profiles.
Allowed to edit
The edit permission means add, edit and delete rights.
If a user belonging to a user group has the right to edit an asset family, he will be able to:
- Edit the properties of this asset family
- Add, edit, and delete the attributes of this asset family
- Add, edit, and delete assets of this asset family
- Delete this asset family
If you want only some users to be able to edit the attributes of an asset family or delete an asset, you can also manage access on actions according to the user roles. Please refer to this article for more information.
Allowed to view
If a user belonging to a user group has the right to view an asset family, he will only be able to display the asset family data (properties, attributes, assets).
He won't be able to edit or delete it.
Not allowed to view
If a user belonging to a user group has not the right to view an asset family, he will not be able to display the asset family (properties, attributes, assets).
When assets are linked to a product, it is considered product data. As a consequence:
- Users without view permission on the asset family cannot remove/add/reorder the assets from the asset collection attribute via the product edit form or the API.
- Users without view permission on the asset family cannot edit assets in the asset collection attribute via the product edit form or the API.
- Users without view permission on the asset family can display assets from the asset collection attribute via the product edit form or the API.
Users without view permission and trying to get a specific asset via the API will receive a 404 error message. This way, we prevent users from guessing the existence of specific asset families.
Apps will still ignore asset family permissions and can always edit all assets.
Define permissions on an asset family
To define the rights on an asset family, follow these steps:
- Go to the Permissions tab of the asset family
- Add user group to the desired field Allowed to view or Allowed to edit
- Click Save in the top-right corner
If you want all your user groups to have the edit rights, just type All and add the All option to the desired field.
At least one user group should be allowed to edit an asset family to manage the permissions on this family.
Rights depending on the locales
It is possible to define for each user group, on which locale the asset family data can be viewed or edited.
For assets, we have 2 levels of access on locales: the view right and the edit right.
It is not possible to hide a locale in an asset family.
The edit right
The edit right means add and edit rights.
If a user belonging to a user group has the right to EDIT an asset family, he will be able to:
- Edit the asset family labels for a locale
- Edit the asset family attributes labels for a locale
- Edit the asset values for a locale if the attribute is localizable
The view right
If a user belonging to a user group has the right to VIEW on a locale, he will only be able to display the asset family data on this locale (properties, attributes, assets).
He won't be able to edit it.
Set rights on a locale
To define the rights to a locale, please refer to this article.