User access levels, and permissions

Hello,

On Ayon, I would like to know how to allow a producer to create a project, without allowing him to access technical parts of the Web App (because producers are non-technical people, they should not modify Anatomy templates, Applications, addons, plugins, etc…).
It seems Access level “User” forbids both, and Access level “Manager” allows both, so I’m stuck.

Any idea how I could achieve that?

Here are screenshots of the available tweaks:

[Screenshot: UserAccess]

Hi @Yul and thanks for opening up this topic. We need more feedback here and are happy to iterate on the options.

What you are asking for is indeed not supported at the moment.

Access levels are designed to create a very strict differentiation on a system level. They are in place mostly for the high-level server safety and stability. We’re expecting that these will loosely match to:

Artist → User
Production and Supes → Manager
Developers, Sysops, Admins → Admin

User: Cannot access settings and manage other users.
Manager: Can access settings and manage other users.
Admin can on top of that:

  • execute onboarding
  • create/manage bundles
  • install addons, create/update dependency packages and installers
  • create/change attributes
  • edit settings of system addons
  • connect to YnputConnect
  • spawn / manage services
  • restart the server
  • manage secrets
  • create admins

Access Groups, on the other hand, are designed to be granular and configurable, and we’ll be expanding on what they can actually affect in further releases. We are totally planning to add settings and anatomy permissions. The general infrastructure for it is already there, at least to make it possible to hide the full settings or even their parts from various users, but to finalize it we’ll need to go through a lot of testing and it is not planned for 1.0 release. It won’t be too long after the initial production release though. We have it high up on the radar.

Hi @milan

Thanks a lot for this very useful information :smiley:

I also found that “User” Access Level cannot create root folders (on “Web App → Projects → [select a project] → Editor”), which makes sense.

On the Access Control panel, what does the “Guest” switch imply?

This is great, forcing me to finally put a lot of this in writing in prep for final documentation, so thanks for digging :).

Guest is for now a bit experimental, but the ultimate goal is allowing guest users to join your server, be able to access certain projects and see the work, but not see other users for privacy reasons. We haven’t fully explored where we can take that, but it will slowly evolve to a type of account you could give to freelancers, directors, clients and so on.

Thanks Milan, this will indeed be useful :slightly_smiling_face:

Hi!

I would like to add some more information about the kind of granularity we would need to have a “Producer” user.

A producer would be:
- Allowed to create projects.
- Allowed to set the Access Group of a user for a project (so that the user can see the project).
- Not allowed to access any technical parts of the Web App (because producers are non-technical people, they should not modify Anatomy templates, settings, etc…).