Permission roles for client-side productions

Ensuring that the right people have access to the information they need, while at the same time denying access to those who shouldn’t see sensitive information, is one of the crucial aspects of working collaboratively on a client-side production.

Shotgun provides a robust set of permission roles that correspond directly to typical roles within such a production.

Each of these is intended as a starting point, allowing for further customization depending on the specific requirements of your production. The initial access levels for each role are detailed below.

Note: This article assumes that your site has been configured with the "Studio" template. 

Default roles

Project Admin

The Project Admin role has full access to all data and functionality within projects they are assigned to, including the ability to modify permissions for others, define new permission roles, and configure how the permission roles are defined. This is also the only role that may create API script keys and add new users.

Coordinator

The Coordinator role is somewhat more restricted than the Project Admin, but may still view and update most entity types and fields throughout the projects they are assigned to. In particular, they cannot create or view API script keys, change permissions, or create new users.

Editorial

The Editorial role is identical to the Coordinator role with the exception that they cannot create new fields. It is expected that productions will customize this role, along with the Coordinator role, as the need arises.

In-House Artist

The In-House Artist role is mostly restricted to viewing information, aside from also being able to create new Versions, Playlists, Notes, and File Attachments. Additionally they may only edit Notes and Versions which they created.

Vendor

The Vendor role is prevented from seeing all but a specific set of information. By default, they can see the following types of entities in projects they are assigned to:

  • Camera Setups
  • Cuts
  • Cut Items
  • Lenses
  • Playlists
  • Reels
  • Shoot Days
  • Slates
  • Source Clips
  • Takes

In addition, they can see the following:

  • Assets for which they are included in the “VFX Vendor” field
  • Attachments on Versions, Notes, or Deliveries they can see
  • Deliveries created by or addressed to them
  • Turnovers for which they are included in the “Vendor Groups” field
  • Notes created by or addressed to them
  • Scenes for which they are included in the “VFX Vendors” field, or which contain one or more Shots they can see
  • Sequences which contain one or more Shots, Scenes, or Tasks they can see
  • Shots for which they are included in the “VFX Vendors” field or any Tasks on the Shot, and where that Shot does not have a “VFX Shot Status” of “Bid In Progress”
  • Tasks for which they are included in the “Assigned To” field
  • Versions for which they are included in the “Artist” field, or that they created

The Vendor role can also create new Deliveries, Notes, Versions, and File Attachments.

Finally, the Vendor role has some additional restrictions applied:

  • They cannot see the Global Navigation bar at the top
  • They cannot see the “Other” dropdown menu in the Project Navigation bar at the top
  • They cannot see or deactivate saved filters in the filter panel
  • They cannot create new project pages
  • They cannot save changes to project pages
Note: An additional “Shotgun Support” permission role is also included. This is used by the Shotgun Support team if they need to access your project for any reason, and has permissions equivalent to the “Project Admin” role.

Assigning permission roles

To assign people to different roles, go to the People page, click the “Production” or “Vendors” tab as appropriate, and then edit the “Permission Group” field for each person.

Making changes to permissions

The default roles are intended as a starting point. For the best results to suit your workflow, you may need to make changes to each of the roles. Here are some possibilities to consider:

  • Changing which entity types a particular role can see, edit, or delete
  • Changing which specific fields a particular role can see or edit the contents of
  • Changing which pages, or views on a page a particular role can see
  • Creating additional roles with different permissions

More information on working with permissions.

Testing permissions

Project Admins are able to view Shotgun as it appears to a specific user. This can be useful if you want to check what a particular vendor can see, for example. To do this, click the page icon button, choose “Use as Another User”, and then type the name of the user to temporarily log in as (you will not need to provide a password).

When you are done, click “Exit” at the top:

Follow

0 Comments

Please sign in to leave a comment.