Role-Based Permissions

Comprehensive 3-tier access control system with 65+ granular permissions for complete control over your organization and projects.

Permission Hierarchy

Tier 1: Platform Level

System-wide permissions for platform administrators:

• Access all organizations
• Manage system settings
• View system analytics
• Manage all platform users

Tier 2: Organization Level

9 organization-level permissions for owners and admins:

Project Management

• Create projects
• Delete projects

Member Management

• Invite members
• Remove members
• Manage roles

Settings & Billing

• Manage organization settings
• View billing information
• Manage billing
• View organization analytics

Tier 3: Project Level

36+ granular permissions organized by category:

Asset Management

• View assets
• Upload assets
• Edit metadata
• Delete assets
• Download assets
• View only approved assets (restrictive)

Tagging System

• View tags
• Create tags
• Delete tags

Collections

• Create collections
• Edit collections
• Delete collections
• Share internally
• Share externally
• Manage members
• Create smart collections

Approval Workflows

• View approvals
• Manage approvals

Distribution

• Create distribution links
• Manage distribution links

Project Management

• Edit project settings
• Invite members
• Remove members
• Manage permissions
• Delete project

Analytics & Audit

• View analytics
• View audit logs

Talent Management

• Create talent access
• Manage talent access

Folder Management

• Create folders
• Rename folders
• Delete folders
• Move assets

Image Security

• Requires watermarking (restrictive)
• Watermark opacity (0.05 to 0.50)

Permission Templates

Viewer

View content and create personal collections. Cannot modify assets or project settings.

Contributor

Create and edit content, manage folders, upload assets. Cannot manage members or project settings.

Manager

Full project management capabilities including member management. Cannot delete the project.

Custom

Build custom permission sets for specialized roles. Mix and match any of the 65+ permissions.

Collection-Level Permissions

When sharing collections, assign granular access:

• Can View: View collection and assets
• Can Edit: Add/remove assets, edit metadata
• Can Share: Create share links for others
• Can Manage: Manage collection members

Security Features

Archive Lockdown

When projects are archived or pending deletion, only read permissions are allowed. All write operations are automatically blocked.

Watermarking Control

Set per-user watermarking requirements with configurable opacity levels. Ensure sensitive content is always protected for specific users.

Performance Optimization

3-layer caching system (request context, Redis, database) delivers 40x faster permission checks compared to direct database queries.

Audit Trail

All permission-related actions are logged:

• Permission grants and revocations
• Role changes
• Member additions and removals
• Access attempts (successful and denied)

Export audit logs for compliance documentation and security reviews.

Perfect For

Production studios, agencies, and teams requiring strict access control with the flexibility to customize permissions for every role and workflow.