Presentation is loading. Please wait.

Presentation is loading. Please wait.

Delegating Mediasite Management Using Roles and Advanced Access Permissions 19-05-2010 Patrick Klaassen.

Published byMitchell McKinney Modified over 8 years ago

Similar presentations

Presentation on theme: "Delegating Mediasite Management Using Roles and Advanced Access Permissions 19-05-2010 Patrick Klaassen."— Presentation transcript:

1 Delegating Mediasite Management Using Roles and Advanced Access Permissions 19-05-2010 Patrick Klaassen

2 Background 6 Faculties and some Institutions To a Large extent autonomous Each responsible for capturing their own Lectures Local Support Organizations (E-Learning Teams) About 40 people in total Central E-learning Department: Project Management & Coordination

3 Challenge How to implement Mediasite in Such a Way that every Faculty is fully in control of its own Lecture Capture Process? Giving 40 people in a controlled way Administrator Access to the Mediasite Management Portal Maximum Rights Control the damage that can be caused by local Admins

4 Mediasite Management Strategy Each Institution should be able to fully Manage it’s own: Presentations Players Presenters Encoding Profiles Recorders Part of the Catalog Schedules Templates Poll Templates

5 Mediasite Management Strategy Each Institution should be able to fully Manage it’s own: Presentations Players Presenters Encoding Profiles Recorders Part of the Catalog Schedules Templates Poll Templates Presentations Players Presenters Encoding ProfilesRecorders Part of the Catalog Schedules Templates Poll Templates

6 Mediasite Autorization Model User Group Role Permission Many One Allow/Deny

7 Mediasite Autorization Model User Group Role Permission - Operations - Portal Resources - Catalog - Encoding Profiles - Players - Presenters - Folder Security Many One Allow/Deny View/Read/Write/Execute/Moderate

8 Mediasite Autorization Model User Group Role Permission LDAP Group Many One Allow/Deny X LDAP User You can NOT add both Mediasite Groups and LDAP Groups / LDAP Users to a Role You can NOT add more than ONE LDAP User or Group to a Role One [OR] Shortcomings:

9 Implementing Groups and Roles

10 Determine what Groups and Roles you need in order to delegate Admin Tasks to Groups of Users Faculty Admins Template Faculty Admin Recorders Each Institution has it’s own Admin Group/Role For each RL Recorder a seperate user is created and placed in this Group to restrict the permissions of the recorder users Good Practice - If You have many Roles with the same standard permissions => create a Template Role and assign the common permissions to this Role. When creating a new Role you can copy the standard Permissions from the Template Role.

11 Implementing Permissions 1. Operations

12 Implementing Permissions 1. Operations: determine which Roles may perform what Admin Operations Template Admin & Faculty Admins Create Encoding Profile Create Folders Create Players Create Presentations Create Presenters Manage Reports Publish To Go Search Directories Recorder Role None

13 Implementing Permissions 1. Operations: determine which Roles may perform what Admin Operations Template Admin & Faculty Admins Create Encoding Profile Create Folders Create Players Create Presentations Create Presenters Manage Reports Publish To Go Search Directories Recorder Role None

14 Implementing Permissions 1. Operations: determine which Roles may perform what Admin Operations Template Admin & Institution Admins Create Encoding Profile Create Folders Create Players Create Presentations Create Presenters Manage Reports Publish To Go Search Directories Recorder Role None

15 Implementing Permissions 1. Operations: determine which Roles may perform what Admin Operations Template Admin & Institution Admins Create Encoding Profile Create Folders Create Players Create Presentations Create Presenters Manage Reports Publish To Go Search Directories Recorder Role None

16 Implementing Permissions 1. Operations: determine which Roles may perform what Admin Operations Template Admin & Faculty Admins Create Encoding Profile Create Folders Create Players Create Presentations Create Presenters Manage Reports Publish To Go Search Directories Recorder Role None New Role => Add that Role manually to all Required Operations

17 Implementing Permissions 1. Operations: determine which Roles may perform what Admin Operations Template Admin & Faculty Admins Create Encoding Profile Create Folders Create Players Create Presentations Create Presenters Manage Reports Publish To Go Search Directories Recorder Role None New Role => Add that Role manually to all Required Operations By this time you probably forgot what Permissions you need to assign

18 Implementing Permissions 1. Operations: determine which Roles may perform what Admin Operations Template Admin & Faculty Admins Create Encoding Profile Create Folders Create Players Create Presentations Create Presenters Manage Reports Publish To Go Search Directories Recorder Role None For This Purpose => Assign Common Permissions to a Template Admin Role

19 Implementing Permissions 1. Operations: determine which Roles may perform what Admin Operations Template Admin & Institution Admins Create Encoding Profile Create Folders Create Players Create Presentations Create Presenters Manage Reports Publish To Go Search Directories Recorder Role None Create a new Group/Role

20 Implementing Permissions 1. Operations: determine which Roles may perform what Admin Operations Template Admin & Institution Admins Create Encoding Profile Create Folders Create Players Create Presentations Create Presenters Manage Reports Publish To Go Search Directories Recorder Role None Select Copy Permissions From Role => Template Role

21 Implementing Permissions 1. Operations: determine which Roles may perform what Admin Operations Template Admin & Institution Admins Create Encoding Profile Create Folders Create Players Create Presentations Create Presenters Manage Reports Publish To Go Search Directories Recorder Role None Select Copy Permissions From Role => Template Role New Admin Role Automatically Receives Right Operations Permissions

22 Implementing Permissions 2. Portal Resources

23 Implementing Permissions 2. Portal Resources: determine which Roles may see what Areas (tabs / dropdowm men options) in the Management Portal Template Admin & Faculty Admins All, EXCEPT => Application Settings FTP Management Server Group Management System Management Recorder Role None User Management

24 Implementing Permissions 2. Portal Resources: determine which Roles may see what Areas (tabs / dropdowm men options) in the Management Portal Template Admin & Faculty Admins All, EXCEPT => Application Settings FTP Management Server Group Management System Management Recorder Role None User Management

25 Implementing Permissions 2. Portal Resources: determine which Roles may see what Areas (tabs / dropdowm men options) in the Management Portal Template Admin & Faculty Admins All, EXCEPT => Application Settings FTP Management Server Group Management System Management Recorder Role None User Management Recorder users No Access to Management Portal at all

26 Implementing Permissions 3. System Policies

27 Implementing Permissions 3. System Policies: determine wich default permissions are applied when New Objects are created ALL Faculty Admin Roles Write Permission for: Encoding Profile Player Presentation Template User Managemen Presenter Recorder Role Encoding Profile Schedule Template Read Permission for: Encoding Profile Player Presenter Template Admin Role None System policiy permissions are NOT copied when copying permissions from a Role Missing – System Policy for: Poll Templates

28 Implementing Permissions 3. System Policies: determine wich default permissions are applied when New Objects are created ALL Faculty Admin Roles Write Permission for: Encoding Profile Player Presentation Template User Managemen Presenter Recorder Role Encoding Profile Schedule Template Read Permission for: Encoding Profile Player Presenter Template Admin Role None System policiy permissions are NOT copied when copying permissions from a Role Why?

29 Implementing Permissions 3. System Policies: determine wich default permissions are applied when New Objects are created ALL Institution Admin Roles Write Permission for: Encoding Profile Player Presentation Template User Managemen Presenter Recorder Role Encoding Profile Schedule Template Read Permission for: Encoding Profile Player Presenter Template Admin Role None System policiy permissions are NOT copied when copying permissions from a Role Default Permissions Why?

30 Implementing Permissions 3. System Policies: determine wich default permissions are applied when New Objects are created ALL Institution Admin Roles Write Permission for: Encoding Profile Player Presentation Template User Managemen Presenter Recorder Role Encoding Profile Schedule Template Read Permission for: Encoding Profile Player Presenter Template Admin Role None System policiy permissions are NOT copied when copying permissions from a Role Default Permissions Why? ONLY the Owner (which is a single user) can See and Edit the Object after creating a new Object. These are INVISIBLE for everyoune Else!

31 Implementing Permissions 3. System Policies: determine wich default permissions are applied when New Objects are created ALL Institution Admin Roles Write Permission for: Encoding Profile Player Presentation Template User Managemen Presenter Recorder Role Encoding Profile Schedule Template Read Permission for: Encoding Profile Player Presenter Template Admin Role None System policiy permissions are NOT copied when copying permissions from a Role ONLY the Owner (which is a single user) can See and Edit the Object after creating a new Object. These are INVISIBLE for everyoune Else! Default Permissions Why? With custom system policy....

32 Implementing Permissions 3. System Policies: determine wich default permissions are applied when New Objects are created ALL Institution Admin Roles Write Permission for: Encoding Profile Player Presentation Template User Managemen Presenter Recorder Role Encoding Profile Schedule Template Read Permission for: Encoding Profile Player Presenter Template Admin Role None System policiy permissions are NOT copied when copying permissions from a Role ONLY the Owner (which is a single user) can See and Edit the Object after creating a new Object. These are INVISIBLE for everyoune Else! Default Permissions Why? Risky? With custom system policy....

33 Implementing Permissions 3. System Policies: determine wich default permissions are applied when New Objects are created ALL Institution Admin Roles Write Permission for: Encoding Profile Player Presentation Template User Managemen Presenter Recorder Role Encoding Profile Schedule Template Read Permission for: Encoding Profile Player Presenter Template Admin Role None System policiy permissions are NOT copied when copying permissions from a Role ONLY the Owner (which is a single user) can See and Edit the Object after creating a new Object. These are INVISIBLE for everyoune Else! Default Permissions Why? Risky? Luckilly not that much.... With custom system policy....

34 Implementing Permissions 3. System Policies: determine wich default permissions are applied when New Objects are created ALL Institution Admin Roles Write Permission for: Encoding Profile Player Presentation Template User Managemen Presenter Recorder Role Encoding Profile Schedule Template Read Permission for: Encoding Profile Player Presenter Template Admin Role None System policiy permissions are NOT copied when copying permissions from a Role ONLY the Owner (which is a single user) can See and Edit the Object after creating a new Object. These are INVISIBLE for everyoune Else! Default Permissions Why? Risky? Luckilly Not that much.... Object can NOT be deleted when in use

35 Implementing Permissions 4. Folder Security

36 Implementing Permissions 4. Folder Security: determine Folder structure and Access Permissions to Folders Individual Faculty Admin Roles Recorder Role Read Permission on Root Folder (Presentations) All Faculty Admin Roles Write Permission on own folder Read/Write Permissions on some other Folders Write Permissions on All Folders Template Admin Role Read/Write Permissions on ALL Folders that all Admins have in common Mediasite Admin Folder permissions are copied when copying permissions from role! DO NOT copy from an existing Institution Admin

37 Implementing Permissions 4. Folder Security: determine Folder structure and Access Permissions to Folders Individual Faculty Admin Roles Recorder Role Read Permission on Root Folder (Presentations) All Faculty Admin Roles Write Permission on own folder Read/Write Permissions on some other Folders Write Permissions on All Folders Template Admin Role Read/Write Permissions on ALL Folders that all Admins have in common Mediasite Admin Folder permissions are copied when copying permissions from role! DO NOT copy from an existing Institution Admin Faculty Admin

38 Implementing Permissions 4. Folder Security: determine Folder structure and Access Permissions to Folders Individual Faculty Admin Roles Recorder Role Read Permission on Root Folder (Presentations) All Faculty Admin Roles Write Permission on own folder Read/Write Permissions on some other Folders Write Permissions on All Folders Template Admin Role Read/Write Permissions on ALL Folders that all Admins have in common Mediasite Admin Folder permissions are copied when copying permissions from role! DO NOT copy from an existing Institution Admin Faculty Admin

39 Implementing Permissions 4. Folder Security: determine Folder structure and Access Permissions to Folders Individual Faculty Admin Roles Recorder Role Read Permission on Root Folder (Presentations) All Faculty Admin Roles Write Permission on own folder Read/Write Permissions on some other Folders Write Permissions on All Folders Template Admin Role Read/Write Permissions on ALL Folders that all Admins have in common Mediasite Admin Folder permissions are copied when copying permissions from role! DO NOT copy from an existing Institution Admin Faculty Admin

40 Implementing Permissions 4. Folder Security: determine Folder structure and Access Permissions to Folders Individual Faculty Admin Roles Recorder Role Read Permission on Root Folder (Presentations) All Faculty Admin Roles Write Permission on own folder Read/Write Permissions on some other Folders Write Permissions on All Folders Template Admin Role Read/Write Permissions on ALL Folders that all Admins have in common Mediasite Admin Faculty Admin Folder permissions are copied when copying permissions from role! DO NOT copy from an existing Institution Admin

41 Implementing Permissions 5. Catalog

42 Implementing Permissions

43 5. Catalog: determine structure and set Access Permissions Individual Faculty Admin Roles Write Permission on Root Catalog Folder (5.0.5) All Faculty Admin Roles Write Permission on own folder 1 Catalog not linked to Presentation Folder Subfolder for Each Institution Mediasite Admin Risky! Risky! Risky! Risky! Risky!

44 Implementing Permissions 5. Catalog: determine structure and set Access Permissions Individual Institution Admin Roles Write Permission on Root Catalog Folder All Institution Admin Roles Write Permission on own folder 1 Catalog not linked to Presentation Folder Subfolder for Each Faculty Mediasite Admin

45 Implementing Permissions 5. Catalog: determine structure and set Access Permissions Individual Faculty Admin Roles Write Permission on Root Catalog Folder All Faculty Admin Roles Write Permission on own folder 1 Catalog not linked to Presentation Folder Subfolder for Each Institution Institution Admin Catalog Presentation Explorer

46 Conclusion Presentations Players Presenters Encoding Profiles Recorders Catalog Schedules Templates Poll Templates How suited is Mediasite (5.0.5) for fully Delegated Administration?

47 Conclusion Presentations Players Presenters Encoding Profiles Recorders Catalog Schedules Templates Poll Templates Mediasite is well on it’s way !!! All the ingredients are there but most need to be developed a little further How suited is Mediasite (5.0.5) for fully Delegated Administration?

48 Thank you for your Attention! plf.klaassen@bb.leidenuniv.nl

Download ppt "Delegating Mediasite Management Using Roles and Advanced Access Permissions 19-05-2010 Patrick Klaassen."

Similar presentations

Guide to MCSE 70-290, Enhanced 1 Activity 14-1: Browsing Security Templates Objective: To become familiar with built-in security templates Start  Run.

Guide to MCSE , Enhanced 1 Activity 14-1: Browsing Security Templates Objective: To become familiar with built-in security templates Start  Run.
Lesson 17: Configuring Security Policies

Lesson 17: Configuring Security Policies
Managing User Settings with Group Policy

Managing User Settings with Group Policy
1 Chapter Overview Understanding and Applying NTFS Permissions Assigning NTFS Permissions and Special Permissions Solving Permissions Problems.

1 Chapter Overview Understanding and Applying NTFS Permissions Assigning NTFS Permissions and Special Permissions Solving Permissions Problems.
SharePoint 2010 Permissions Keith Tuomi. profile KEITH TUOMI SharePoint Consultant / Developer at itgroove Developing Online Systems since 1991 10 years.

SharePoint 2010 Permissions Keith Tuomi. profile KEITH TUOMI SharePoint Consultant / Developer at itgroove Developing Online Systems since years.
Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.

Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.
EmpowHR EmpowHR Security Overview. 2 Application Security Administration Permission List Roles User Profiles Row level security Distributed Security Administration.

EmpowHR EmpowHR Security Overview. 2 Application Security Administration Permission List Roles User Profiles Row level security Distributed Security Administration.
Agenda 22 7.SharePoint Changes 8.Items & Lists 9.Files & Libraries 10.SharePoint & Office 11.Help 12.Wrap Up.

Agenda 22 7.SharePoint Changes 8.Items & Lists 9.Files & Libraries 10.SharePoint & Office 11.Help 12.Wrap Up.
7.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 7: Introducing Group Accounts.

7.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 7: Introducing Group Accounts.
1 of 4 This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. © 2007 Microsoft Corporation.

1 of 4 This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. © 2007 Microsoft Corporation.
© Wiley Inc. 2006. All Rights Reserved. MCSE: Windows Server 2003 Active Directory Planning, Implementation, and Maintenance Study Guide, Second Edition.

© Wiley Inc All Rights Reserved. MCSE: Windows Server 2003 Active Directory Planning, Implementation, and Maintenance Study Guide, Second Edition.
Guide to MCSE 70-290, Enhanced 1 Activity 9-1: Creating a Group Policy Object Using the MMC Objective: To create a GPO using the Group Policy Object Editor.

Guide to MCSE , Enhanced 1 Activity 9-1: Creating a Group Policy Object Using the MMC Objective: To create a GPO using the Group Policy Object Editor.
Protect your data with Security John Ykema, Director of Sales & Marketing.

Protect your data with Security John Ykema, Director of Sales & Marketing.
Module 8: Implementing Administrative Templates and Audit Policy.

Module 8: Implementing Administrative Templates and Audit Policy.
Opening SharePoint to External Users.  Centralize all files  Eliminate the need for Matching Subs RFI’s to our RFI’s (Dan Campbell, ETC)  Create a.

Opening SharePoint to External Users.  Centralize all files  Eliminate the need for Matching Subs RFI’s to our RFI’s (Dan Campbell, ETC)  Create a.
1 System for Administration, Training, and Educational Resources for NASA Managing Access.

1 System for Administration, Training, and Educational Resources for NASA Managing Access.
9.1 © 2004 Pearson Education, Inc. Lesson 9: Implementing Group Policy in Windows 2000 Server Exam 70-217 Microsoft® Windows® 2000 Directory Services Infrastructure.

9.1 © 2004 Pearson Education, Inc. Lesson 9: Implementing Group Policy in Windows 2000 Server Exam Microsoft® Windows® 2000 Directory Services Infrastructure.
9.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

9.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
MCTS Guide to Configuring Microsoft Windows Server 2008 Active Directory Chapter 3: Introducing Active Directory.

MCTS Guide to Configuring Microsoft Windows Server 2008 Active Directory Chapter 3: Introducing Active Directory.
WebFOCUS 8: Best Practices for Migration

WebFOCUS 8: Best Practices for Migration

Similar presentations

Ads by Google