Sharing and collaboration

Share assets and media collections with internal users (or groups) and external parties and manage permissions.


ImageKit's Digital Asset Management solution allows you to organize, manage, and share your assets in files and folders. Using Media Collections, you can create virtual groups of assets regardless of their current location in the DAM. This provides a simple way for users to share and collaborate on those assets.

ImageKit allows you to set access and permission levels for each user on your assets as per your organization's needs. Based on your business requirements, you can decide which assets a user can access and what actions they can perform on them.

Access and permission management

A new Media Library Restricted Access user will see an empty Media Library under the "Shared with me" section until any files, folders, or media collections are shared with them.

ImageKit allows granular access control: media collections, files, and folders (and therefore their subfolders and files) can be shared with selected restricted access users or user groups at different permission levels, ranging from view-only to manage access.

The account administrator is responsible for setting up the file and folder hierarchy and assigning appropriate permission levels across users and user groups.

If you grant a user or a user group "Manage" access to the assets, they can share files, folders, and media collections with other user groups or particular users at any access level. This means that more users would end up with access to assets than you initially added. Elevated permission levels also allow users to delete resources or carry out other such destructive actions on them.

Users with the following roles or permissions can share assets and media collections with restricted media library users and user groups:

  1. Account administrator
  2. Developer
  3. Media library full access
  4. Media library restricted access with "Can manage" permission on an asset

How to share assets and media collections?

You can share files, folders, and media collections with other restricted media library users and user groups as given below.

To share an asset or media collection, click the "Share" button in the dropdown menu after selecting it. A popup will appear, allowing you to select the users and user groups and specify their access level under the "User & user groups" tab. You may also view, change, or remove the permissions of existing users and user groups with access to the asset or collection. You can also see the media collections to which the selected asset has been added by clicking on the "Media collection associations" tab in this popup.

This document only covers sharing files with users and user groups already added to your ImageKit DAM. However, you can also share them with users who are not part of your ImageKit DAM by generating a public link. We have covered Public links separately.

Understanding access to assets and media collections

Access control and permissions can only be managed for Media Library Restricted Access users.

They can only perform actions on files and folders that are shared with them based on their permission levels. However, such users can create new media collections.

An asset or media collection can be shared with users in the following ways:

  1. Sharing with users: A user can be given access to any asset or media collection. This is useful when giving certain users access to specific resources with appropriate permission levels.

  2. Sharing with user groups: We usually work as teams; for most requirements, the entire team needs the same access and permissions on assets. You can streamline your workflow by creating user groups with all relevant users and then sharing the assets or media collection with the user group, granting access to all associated users in one go.

  3. By asset or media collection ownership: A user who creates a file, folder, or media collection owns that resource, and has the "Can manage" permission on it.

For example, if a user creates a folder, they can perform all operations that "Can manage" permission level allows on the folder and all the assets inside it. Even if you revoke the access through which they could create the folder in that directory, they would still have the same access to the folder they created and any subfolders and files inside it.

Understanding how a user's role change affects access

When a user's role is changed from "Media Library Restricted Access" to some other role or when any such user is deleted, they are removed from the user group. If their role is changed back to "Media Library Restricted Access", they would still have access to all the assets and media collections that were previously individually shared with them. However, they won't be added back to any of the user groups they were previously added to.

Understanding how deleting user groups affects access

When a user group is deleted, users lose access to any files, folders, or media collections they had access to through the group unless it was shared with them directly.

It is important to plan out your DAM workflow carefully. Your media collections, folders, and files should be organised such that your team members have appropriate access and permissions to the right resources.

To help you establish your workflow, we recommend the following steps:

  1. Define your teams. Consider the various teams in your organization. Do you, for example, have a design, marketing, sales, and technology team? This lets you think about different teams and what permission and access they will need in the next step. Once you have determined that, you can add them to their respective user groups.

  2. Organize your assets, folders, and media collections.

A very important aspect of setting up your workflow is creating the right folder structure. Remember that a folder's permissions cascade down to its subfolders, meaning that if you grant a certain level of access to a folder, you can't restrict that access on any of its subfolders or files.

Create separate folders for each team (or user) in the root media library and grant appropriate permissions. Avoid deep nesting of folders, as this increases the chance of permission escalation from mistakenly giving a higher permission on a parent folder. Instead of a deeply nested folder structure, use custom metadata for better organization.

You can also add individual assets and folders to a media collection and share the collection with relevant stakeholders with the proper access level. This helps organize and share a lot of scattered assets and folders from one central location.

  3. Share assets and media collections with your team members. Grant the appropriate level of access for each user or user group you want to share it with. Share it with an individual user if they don't have the right access to that asset via their group.

For example, the marketing team will need sufficient permission to add, remove, and modify assets in certain folders. Technology or the sales team might only need read/view permission for specific folders containing brand assets.

If you create a new user with Media Library Restricted Access, the Media Library will appear empty to them initially. They won't be able to upload assets to the Media Library either. You can share a folder with at least "Can contribute" permission so that they can start uploading files to it.

Permissions

Understanding permissions on assets and media collections

An asset can be shared with a user in different ways and with varying permission levels. The permission level on the asset would be the highest permission the user derives through all these means. For example, suppose a user is in multiple groups, and the same folder is shared with each group at different permission levels. In that case, the highest of those permission levels applies to the user for that asset.

When you share a folder, its permission level cascades down to all its subfolders and files.

A user or user group's permission level can be increased in a subfolder of a folder to which they already have access, but it cannot be lowered.

If you don't share a file or folder (or any parent of that folder) with a particular user or group by any means, those users will not be able to see that folder or the contents inside it. Even when performing a search on all folders, the results will only include folders where the user has at least view permission. Furthermore, if you don't share any folders with a particular user or user group, then those users won't have access to any assets in the Media Library.

If assets are added to a media collection, and that media collection is shared with a user or user group who otherwise do not have access to that asset, those users will still be able to take all "Can view" permission actions on the assets in that media collection. However, they won't be able to modify those assets unless they have "Can contribute" or "Can manage" permission on them.

You cannot share the Home (root) of the media library with any Media Library Restricted Access user.
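The resolution rules above (highest level wins, folder shares cascade, owners keep "Can manage", a shared media collection gives view actions only) can be modelled to audit a planned sharing layout before applying it. This is an added example, not ImageKit code or an ImageKit API; the users, groups, paths, collection name and the exact-path matching of collection members are all assumptions made for illustration.

```python
from pathlib import PurePosixPath

LEVELS = {"none": 0, "view": 1, "contribute": 2, "manage": 3}
NAMES = {v: k for k, v in LEVELS.items()}

# Constructed sample data (hypothetical users, groups and folder names).
GROUPS = {"marketing": {"alice", "bob"}, "sales": {"carol"}}
# (user or group, folder path) -> level shared on that folder.
SHARES = {
    ("marketing", "/brand"): "view",
    ("marketing", "/brand/campaigns"): "contribute",
    ("alice", "/brand/campaigns/q3"): "view",  # lower than inherited: no effect
    ("sales", "/brand"): "view",
}
OWNERS = {"/brand/campaigns/q3/drafts": "bob"}  # creator keeps "Can manage"
COLLECTIONS = {"launch-kit": {"members": {"/legal/contract.pdf"},
                              "shares": {"sales": "manage"}}}


def principals(user):
    """The user plus every group they belong to."""
    return {user} | {g for g, members in GROUPS.items() if user in members}


def ancestors(path):
    """The path itself and each parent folder; root is never shareable."""
    p = PurePosixPath(path)
    return [str(x) for x in (p, *p.parents) if str(x) != "/"]


def effective(user, path):
    """Highest level the user derives from any share, ownership or collection."""
    who = principals(user)
    best = 0
    for folder in ancestors(path):
        if OWNERS.get(folder) == user:
            best = max(best, LEVELS["manage"])
        for p in who:
            best = max(best, LEVELS[SHARES.get((p, folder), "none")])
    for coll in COLLECTIONS.values():
        shared = any(p in coll["shares"] for p in who)
        if shared and path in coll["members"]:  # assumption: exact member match
            best = max(best, LEVELS["view"])  # collection gives view actions only
    return NAMES[best]
```

Running `effective` for every user against the sensitive paths in a planned folder tree shows where a parent-folder grant or a group membership gives more access than intended.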

File and folder permission levels

An ImageKit account user with relevant permissions can view and manage access permissions on an asset (files and folders) for restricted access users and user groups. For an asset, you can assign one of the following permission levels:

  1. Can view
  2. Can contribute
  3. Can manage

The table below summarises the operations that can be performed on media library assets at each permission level:

Operation | Can view | Can contribute | Can manage
View & search assets
View file & file version details
Download file
Download assets as zip
View downloads
View threads and comments
Add new comment and replies
Edit and delete own comments
Modify own reaction on comments
Resolve and unresolve thread
Create new folder
Upload file & new file version
Restore file version
Update custom metadata
Edit tags
Add auto tags (extension)
Remove background (extension)
Remove tags
Edit image
Edit custom focus area
Copy asset
Add asset to media collections
Delete a comment thread
Rename file
Move asset
Publish or unpublish file
Delete file version
Delete asset
Share asset
View public links
Create public links
Edit public links
Delete public links

Media collection permission levels

An ImageKit account user with relevant permissions can view and manage access permissions on media collections for restricted media library users and user groups. For a media collection, you can assign one of the following permission levels:

  1. Can view
  2. Can contribute
  3. Can manage

The table below summarises the operations that can be performed on media collections and assets added to them at each permission level:

Operation | No permission | Can view | Can contribute | Can manage
Create new media collection
View & search media collections
View assets in media collection
View file & file version details
Download media collections as zip
Add assets to media collection
Rename media collection
Remove assets from media collection
Delete media collection
Share media collection
View public links
Create public links
Edit public links
Delete public links