We come across big headlines about massive data leaks at least once a month. For example, Marriot's data leak was one of the largest in 2020. Could you imagine that this event resulted in the loss of private information of over five million users?
Fortunately, DAM comes with lots of security and safety features. Today, we are going to talk about roles and permissions. Roles in Pics.io are flexible so you can create as many as you need. From the administrator (or digital asset manager if you will) to people with view-only permissions, Pics.io lets you be as granular as you like.
With that said, while there are infinite possibilities for roles, today we're going to break them down into four basic types to give you an idea of how, when, and why you should adjust roles.
Let's get started.
👨💼 Administrator
The administrator is the digital assets manager. They have full control over the account, including your media library and users.
Who can it be? Someone with a leadership role within the company. It could be a director, account or client manager, or the team lead of your marketing, sales, or IT department. This person must be familiar with DAM functionality and its best practices to use it most productively.
What does this person do?
Takes responsibility for DAM adoption and manages the process; | Can but will unlikely upload/download assets; |
Controls and has access to all aspects of DAM, with full feature functionality and managerial capacity; | Will unlikely edit metadata & share files; |
Defines the structure and policy of the storage and makes sure everyone is following them. | Won't set an organization structure for files. |
If we take our own Pics.io team as an example, it’s not that big. And so we have only two people with admin roles in our DAM storage - our CEO and chief technology officer. They manage both assets and user rights and supervise our DAM account in general like its functionality and structure.
But let’s imagine your team is over 50 people, and the size of your library reaches at least 1000 assets. And thus you may need to divide the different roles of your administrators into:
- Master admin: a person with the widest aspects of rights and permissions, including user account & asset management, access to billing details, analytics, purchase/update options, etc.
- User admin: a person responsible for managing user access, rights, and roles.
- Library admin: a person behind content asset management. Approving uploads, adding/editing/deleting metadata, and organizing the data - this is your person.
Depending on your company's size, you can experiment with different managerial roles. For example, a master admin may also take care of user accounts if the company doesn’t hire weekly. Or vice versa, you may need a few library admins, assigning a new one to each department. Your working process will run smoother if the marketing, design, and product team leads manage assets related to their departments only.
Examples of admin users:
- Director responsible for billing and updating features in DAM;
- Marketing team lead making sure all assets related to their department stay updated, relevant, and in order;
- HR specialists preparing the report on the use of data in their agency by department.
🧑 Regular DAM user
This is a person that puts your DAM storage directly to its intended use like storing, accessing files, sharing, and downloading.
Who can it be? All sorts of employees. Most typically, these include a marketing and sales team, PR department, product team, designers, and web managers.
What does this person do?
Accesses DAM and previews the assets; | Has normally no right to upload, edit, or move assets save for some exceptions; |
Searches for what they need & downloads; | Cannot delete assets; |
Asks for permissions to view/download if the asset is restricted. | Has no access to billing, analytics, updates, etc. |
This user gets access to the storage and comes to do what they need without bothering everyone around them. The role expects so-called general use, without any specific actions done to assets like editing or deleting.
Examples of regular DAM users:
- A content editor looking for banners for the article;
- A web manager searching for photos/videos to upload on the website;
- A product team browsing collections for the latest logo to use.
🕺 Power DAM user
This is an alternative to regular DAM users. It's like a regular DAM user, with a bit of extended rights.
Who can it be? Again, your marketing & sales team, product team, web designers, and developers.
What does this person do?
Has all the same rights as regular users like accessing files, previewing, and downloading. Also, they can upload assets; | Sometimes, this role enforces some limitations related to upload/download options; |
Creates new collections; | As a rule, they cannot move or delete assets; |
Edits, moves, and deletes files. | Has no access to billing, analytics, updates, etc. |
In our team, for example, you won’t upload any assets unless you enter the name and description for the uploaded files. This approach helps us keep the materials organized as we use these metadata in our searches later.
Likewise, a power user may be asked to fill in other fields, depending on the industry the company works in. A travel agency may need data concerning the location, while videographers may attach the date when the material was created/uploaded, the type of equipment used, etc.
Another interesting restriction admin may enforce refers to downloading original content. There are lots of DAM users where copyright is of the utmost importance. So you may decide which role can download originals and which only watermarked revisions.
- Internal or those who work within the same company, for example, content creators i.e. marketing team;
- External or those who contribute outside the company, for example, external photographers, videographers, freelance designers, and so on. This type of user usually has to wait for the administrator’s review & approval before they upload the assets.
Examples of power DAM users:
- Marketing Assistant uploading latest marketing collateral;
- Marketing and Promotion manager looking for leftovers from older campaigns to reuse these materials;
- Freelance designers uploading their works for a new product line.
👤 Guest
This is a user with the fewest rights, which are normally reduced to viewing/reading only.
Who can it be? People outside the company like partners, agencies, freelancers, volunteers, vendors, and clients. Sometimes, these could be your teammates from other departments when you share the asset for a second opinion or need someone else’s approval.
What does this person do?
Browses collections and views files only; | No upload/download options are available; |
Leaves comments under particular assets. | Has no access to billing, analytics, updates, etc. |
In some industries, guests are end-users as opposed to more popular regular and power user roles. For example, travel agencies may set guest roles to their clients to allow them to view the latest photos and videos from their tours.
Examples of guest users:
- Clients willing to check projects before choosing to cooperate with some creative agency;
- An IT specialist browsing the marketing collection to give feedback on the material from the technical perspective.
The caveat with the guest role is that Pics.io puts a restriction on how many users you can add to Pics.io with each plan. For users that need only to see assets (like third parties), it can be sometimes better to use websites. Websites let you create branded portals out of any folder in your collection which you can then share with anyone you need.
Team vs. collection permissions
Another good news is an opportunity to establish different permissions for teams and collections. Admin roles could be the same over the whole storage. But for other roles may need different user rights depending on a particular collection.
Your product team may be satisfied with regular user roles. Most of the time, they will use DAM for downloading assets only. For example, they may need different designs uploaded by the UI/UX designer.
In contrast, your marketing team will need more extended permissions. Usually assigned with power DAM user rights, the team both uploads and downloads files, creates new collections, and manages metadata. For example, a content writer uploads a new article. They also attach its name, description, different keywords to make access to this file easier, etc.
But the catch here is that they actually need those permissions only for the specific folder (collection), like "Blog Assets". Using collection-level permissions, you can let them do uploads and edits in that collection only while giving them more basic rights everywhere else in your DAM.
You may also want to assign different permissions within a single department. For example, your team works on two different product lines. And so you make sure that users have access only to the collection with the materials they’re working on.
A few takeaways
Different employees use the company's DAM account in different ways. Letting everyone do everything causes inconsistencies, unnecessary changes to files, and accidental deletion. You have experienced this chaos before you chose DAM, haven’t you?
Your users don’t need to see every single feature in DAM. If you access the storage once or twice a week to download an asset, you don’t need rights to upload or change metadata. To some extent, this wide range of options may even feel intimidating for not a regular DAM user.
Luckily, modern DAM solutions like Pics.io allow us to differentiate user roles. And so a person could see and do precisely what they need in their job. For this very reason, your DAM library gets more secure, and there is no need to worry about the safety of your sensitive data.
And how do you distribute user roles in your DAM storage? You’re welcomed to share your experience in the comment section. And don’t forget to check our Pics.io product in case you’re still in search of your ideal DAM.