censhare provides several server actions for users to create variants from an asset. 

Context

The server action fails if the user does not have the appropriate rights in the domains of the source asset and the variant asset. In some cases, this can be solved if the user configures that new child assets are assigned to the user's default domain. This article helps you to check for the correct permissions.

  • This knowledge article only applies to censhare Web. In the censhare Client, users either do not see the Create variant server actions or can choose suitable target domains for the variant asset. So, the server action might not fail due to insufficient rights.

  • This article applies to the following server actions:

    • Variant without update flag

    • Variant with update flag

    • Layout geometry variant

    • Alias variant

    • Transformation variant

    • Resource replace variant
  • Available since 2018.3

Prerequisites

  • Permission to configure the Master data in the censhare Admin Client

Introduction

In censhare Web, users can select a Create variant server action in two ways:

  • Asset action menu for a selected asset in an asset list

  • Page actions menu in an asset page

censhare then checks if the user has the appropriate rights for the domain of the source asset and the domain of the variant asset (target). By default, censhare creates the variant asset in the same domain as the source asset. This can also be the default domain of a user. Users can configure this in their preferences in censhare Web.  

If users do not have the appropriate rights for the source or the target domain, the Create variant server action fails. A notification window opens in censhare Web: "You don't have enough permissions to complete this action."  

Note: Users see the Create variant server actions even if they do not have the required permissions to execute the server actions.

The problem

Execution process:

  1. User selects/opens an asset.

  2. User selects a Create variant server action.

  3. In the User preferences, user selects: Use my domain for new child assets.

    • The variant is created in the default domain of the user.

    • If the user does not have the appropriate permissions to create a variant there, the server action fails.

  4. In the User preferences, user does not select: Use my domain for new child assets.

    • The variant is created in the domain of the source asset.

    • If the user does not have the appropriate permissions to create a variant there, the server action fails.

Permissions

censhare uses a permission concept with several layers:

  • Permission keys are combined in Permission sets.

  • Permission sets are combined in Roles.

  • Roles are assigned to a certain combination of Domain and 2nd Domain.

As of that, users can have different roles (and rights) for different domains.

Permission keys needed

For the domain of the source asset, the role of the user must contain the following permission keys:

  • Asset relations variant (ID: asset_rel_variant): The key allows to manually create variant relations between assets.

  • Edit assets read-only (ID: asset_checkout_readonly): The key allows to edit assets in the read-only mode.

For the domain of the variant asset the role of the user must contain the following permission key:

  • Edit new assets (ID: asset_checkin_new): The key allows to create an asset.

Solution

First check

Users do not always have full access rights to the domain where the source asset is stored. But, this is in most cases true for their default domain. The default domain is defined in the user's account entry in the Users table in the Master data in the censhare Admin Client.  

If the creation fails, ask the user to check-in the user preferences in censhare Web if the following box is activated:

  • Use my domain for new child assets in the New assets tab in the User preferences dialog. 

If this does not work, check for the permissions.

Check permissions

  1. Open the configuration dialog for the user in question in the Users table in the Master data in the censhare Admin Client.

  2. Search for the domain of the source asset and note the assigned role to it.

  3. Check for Permission sets assigned to this role and whether any of these Permission sets includes the required Permission keys. For more information, see Permission keys needed.

  4. Repeat steps 2 to 4 for the domain of the variant asset.

Add missing permissions

  1. In the Permission sets table: Add the missing permission keys to execute a Create variant server action to appropriate permission sets or create new permission sets.   

  2. In the Roles table: If not already there, add the appropriate permission sets to the role for the domain of the source asset.

  3. In the Roles table: If not already there, add the appropriate permission sets to the role for the domain of the variant asset.

Note: The way how permission sets are defined and how they are assigned to the various roles depends on the censhare custom installation.

Result

You understand the execution process if a user selects a Create variant server action. You know how to find the cause of the server action failure. You know the ways how to solve this.