Image access permissions can be applied “globally” across the entire Photo library or “individually” when bulk uploading or editing images.

In early November 2024, we introduced new image permissions functionality to improve and better align the mechanism with the Asset library workflow.

• Setting global image permissions
• Image permission definitions
• Image inheritance
• Setting image restrictions while bulk uploading
• Batch modifying image restrictions
• Restricting access to the Photo library altogether
• Hiding categories from view
• Creating permanent and shareable links

Prior to the November 2024 changes, there were two ways to restrict image access:

1. Image size and watermark restrictions (specific to member groups)
2. Image access restrictions (specific to image categories)

These have now been combined into a single image access mechanism, allowing Administrators to set whether a particular member group is allowed to access an image and which sizes they’re allowed to download.

It’s important to note that “Categories” will no longer be used as a way to restrict access to an image (or group of images). However, the actual categories or subcategories can still be hidden, if desired.
 

Image permission definitions

The new mechanism has four permission options:

• Can Download High Res
  Access to VIEW and DOWNLOAD all size variations of the image, including Original uploaded files, Large (2400px), Medium (1200px) and Small (630px) images. Includes the ability to crop and export images to pre-configured and Custom sizes^.
• Can Download Low Res only
  Access to VIEW and DOWNLOAD Medium (1200px) and Small (630px) images only. Requests for high resolution access can be made via the online request form.
• Can Download Watermarked only
  Access to VIEW and DOWNLOAD Small (630px) Watermarked images only. Requests for high resolution and non-watermarked access can be made via the online request form.

• No access
  Cannot VIEW or DOWNLOAD the image.

These image access permissions can be applied “globally” across the entire Photo library or “individually” when bulk uploading or editing images.

^ Only member groups given access to Download High Res images will be able to create and export Custom size images. To see a list of the pre-configured image size options that ship with Brand Toolbox, view Export custom image sizes & formats.
 

A note about access

If a member group “Can Download Watermarked only”, members of that group will only be able to VIEW and DOWNLOAD a low resolution, Small (630px) Watermarked image. They will see the options for Small (non-watermarked), Medium, Large, Original and Custom size (see red exclamation symbols below), however, they cannot DOWNLOAD the images until their request for higher resolution images is granted.

 

Requests for high resolution images can be made via the online Image Request Form linked to each download button. The form is sent to the Image Administrator^^ as an email for approval. Once approved, the member will then be allowed to download the high resolution image for the approved images only.

^^ Find out how to “Configure Administrators to approve the image requests”.
 

Setting the “global” image access options

Image access permissions must first be set on the “Image library” root node. Once set, these options will filter (cascade) through to all images contained in the library unless overridden down the node tree (see “Image inheritance” below).

To set global permissions:

1. Select the “Permissions” tab on the “Image library” node in the “Media” section:
   
   
   
   
2. For all member groups that you wish to give access to the Photo library images, add the member group(s) against the appropriate “Can Download High Res, Low Res only or Watermarked only” properties.
   
   There are three properties to choose from, giving you four access options (see definitions above):
   
   •  Can Download High Res
   •  Can Download Low Res only
   •  Can Download Watermarked only
   •  No access^^^
   
   ^^^ If you DO NOT want a member group to have access to particular images in the library, do not add them to any of the three access properties. If you DO NOT want a member group to view the Photo library altogether, restrict access to the Photo library via the “Public access” action.
   
   
3. To remove a member group, click “Remove” against the member group or the “Remove all permissions” button to unassign all groups.
4. Click “Save” to set the global settings^^^^.

^^^^ Note that the first time the global settings are added or if they are changed down the track (and depending on the quantity of images in the library), it might take some time for the settings to filter through to all images in the library. Please be patient before expecting the frontend results to reflect the new permissions.

“Disable all access” toggle
The “Disable all access” toggle allows you to configure access for the property BUT prevents the permissions being applied. This is useful when first setting up a new library and you aren’t ready to grant the permissions until a later date.

 

Base level permissions added to the Media [section] > Image library [root node] > Permissions [tab] inherit (cascade) down the media tree into both image folders and individual images.

Therefore, you don’t need to apply permissions to folders (or groups of images) if the settings are identical to the parent folder(s) up the media tree. You only set an “override” on underlying folders or images when you want them to differ.

Here’s how it works...

1. Set base permissions on the root node as shown above at “Setting the global image access options’.
2. Child folders (and images within them) automatically inherit these base permissions unless overridden on either the image folder nodes or individual image nodes.
   
   
   
   

 Inherited member groups display as grey text with a green link symbol.

 Overridden groups display as black text with a broken link symbol.

The new mechanism allows you to apply common member group permissions across multiple image folders and separately apply different access to different images.

“Public access” restrictions allow you to define which member groups are allowed to view (access) the Photo library.

When applied, the entire Photo library (and menu links to it) will be hidden from view.

Default settings

By default, the Photo library inherits permissions from the site’s root node (e.g. the “Home” node in the “Content” section). If no public access permissions are applied to the “Photo library” node, members who are able to log into the site can also access the Photo library.

Restricting access to the Photo library

You may decide to make the Photo library available to ‘Employee’ members only. For example, you may own internal images and wish to exclude 3rd party or external suppliers (e.g. Non-employees) from viewing the library.

To restrict access to the ‘Employee’ member group only, follow the steps below:

1. Right-click the “Photo library” node in the Content tree and select the Public access option in the actions menu (or select it from the Actions menu after selecting the “Photo library” node).
   
   
   
   
2. The Public Access slide out menu appears. Select Role based protection and click Select.
    
   
    
3. Pick the member groups that you would like to provide Photo library access to. You will see a list of all member groups for your site in the left hand list. Use the ( >> ) or ( << ) buttons to move these groups to/from the right hand list. For an ‘Employee’ group member to be able view the page, it must appear in the right hand list (as per below).
    
   
   
   
4. Specify the Login Page. This is important in the event a user attempts to browse to this “protected” page without first being logged into the site. In this scenario, they will first be redirected to login:
   • Choose: Login
5. Specify the Error Page. This is the page that users are redirected to when logged on but do not have access to the library:
   • Choose: Error  (DO NOT CHOOSE ‘Server Error 404’)
6. Click the Save button to enable changes.
    

Hiding categories from view

If desired, categories and/or subcategories in the frontend category menu can be hidden from view. For example, you may decide to hide a particular image category so it is viewable to ‘Employee’ member groups only.

Why? You may have internal comms images assigned to a particular category that 3rd party or external suppliers cannot access. Though the images will not be accessible, the category in the menu will still be visible. In this case, it’s best to hide the category rather than a user selecting the category only to return “0” results.

Note: Hiding the category will not hide the images within the category – just the category name itself.
 

To allow only the ‘Employee’ member group to view the category in the menu:

1. Select an existing Category and select the Public access option in the actions menu.
   
   
   
   
2. The Public Access slide out menu appears. Select Role based protection and click Select.
    
   
    
3. You’ll be presented with the Public access – Role based protection slide out menu.
4. Pick the member groups that you would like to have access to the images. You will see a list of all of the member groups for your site in the left hand list. Use the ( >> ) or ( << ) buttons to move these groups to/from the right hand list. For an ‘Employee’ group member to be able view the page, it must appear in the right hand list (as per below).
    
   
   
   
5. Specify the Login Page. This is important in the event a user attempts to browse to this protected category without first being logged into the site. In this scenario, they will first be redirected to login:
   • Choose: Login
6. Specify the Error Page. This is the page that users are redirected to when logged on but do not have access to the category:
   • Choose: Error  (DO NOT CHOOSE ‘Server Error 404’)
7. Click the Save button to enable changes.

For guidance on how to share images with external (general public) users, visit the ‘Creating permanent and shareable links’ section.