Welcome to the Panopto Community

Please note: All new registrants to the Panopto Community Forum must be approved by a forum moderator or admin. As such, if you navigate to a feature that is members-only, you may receive an error page if your registration has not yet been approved. We apologize for any inconvenience and are approving new members as quickly as possible.

Permissions, inheritance and principals via the API

Stephen Warneford-BygraveStephen Warneford-Bygrave Tyro
in API

Hi,

I have some questions about content permissions in Panopto. From my testing, it seems like permissions can be set in a couple of places:

* On the videos themselves

* On folders

if I have a video that's shared with a single user, and that video is in a folder that's shared with a single different user (Assuming "Viewer" permissions), can you confirm that the resultant combination of permissions on the video will enable both users to be able to access the video? And ultimately, that these permissions will be appropriately represented when accessed via the searchIndexSync/contentAPI (i.e. both of the users will be added to the list of assigned principals)?

I'm asking for you to confirm my findings, as this is what I'm seeing in the UI, but I want to be sure I'm not missing anything here; the indexing project I'm working on requires strict consideration with permissioned content, and I want to make sure that people can't see or get access to content they're not supposed to.

Tagged:

Answers

  • Adis HrnjicaAdis Hrnjica Whiz Kid

    Hi Stephen,

    If you have:

    • Video shared with User A (Viewer role)
    • Folder containing that video shared with User B (Viewer role)

    Then:

    • ✅ Both User A and User B will be able to access the video
    • ✅ Both users will appear in the principals list when accessed via the searchIndexSync/contentAPI

    This is because the permissions are union-ed together - the video inherits all folder permissions AND adds its own direct permissions.

    Your concern about permissioned content is valid. The searchIndexSync API accurately represents the combined effective permissions. The principals array returned will include:

    • Users/groups with direct access to the video
    • Users/groups with inherited access from the parent folder (and ancestor folders)
    • Site-wide administrators (if SearchIndexSyncUsesPermissionsCache is enabled)

    This means you can trust the principals list to enforce proper access control in your external search index.

    I hope this helps.

    Thanks,

    Adis

Sign In or Register to comment.