System role and policy reference
Last updated: Jul-21-2025
Cloudinary provides predefined system policies and system roles to help you manage access to features, assets, and operations across your account.
- System policies: Predefined permission policies offered by Cloudinary. These are the building blocks of all roles. Browse the list of system policies to learn which policies to use when building your custom roles. For more information, see Policies and permissions.
- System roles: Built-in roles provided by Cloudinary. They're ready as-is to assign directly to users, groups, or API keys. Browse the list of available system roles and the permissions they grant. For more information, see System roles vs. custom roles.
How you can help:
- Use Roles and Permissions Management in real projects, prototypes, or tests.
- Share feedback, issues, or ideas with our support team.
Thank you for exploring this early release and helping us shape these tools to best meet your needs.
System policy reference
This section lists all system policies provided by Cloudinary, including each policy’s ID, name, and description.
Use this section to:
- Understand what your existing roles that include these policies allow.
- Decide which permissions to include in custom roles that you're creating.
- Look up the system_policy_ID to reference the policy you want to include when creating a custom role.
- Examine the policy statements, which define the actions that the policy allows on specific Cloudinary resources, written in Cedar language. For more information, see Understanding the policy_statement.
For more background information about system policies, see Role-based permissions overview.
For more details on system policies, see Manage roles.
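When deciding which policies to include in a custom role, it helps to see which statements leave `action` unconstrained on a whole resource type. The following is an added example, not Cloudinary's code: a simplified pattern matcher (not a full Cedar parser) that handles only the statement shapes shown in the tables on this page. The function names are hypothetical.

```python
import re

# Constructed sample set: statements copied from the tables on this page.
SAMPLE_POLICIES = {
    "cld::policy::global::api_keys::view":
        'permit(principal, action == Cloudinary::Action::"read", resource is Cloudinary::APIKey); '
        'permit(principal, action, resource == Cloudinary::Feature::"cld::global::api_keys::view");',
    # First two statements of the row only.
    "cld::policy::global::api_keys::manage":
        'permit(principal, action, resource is Cloudinary::APIKey); '
        'permit(principal, action, resource == Cloudinary::Feature::"cld::global::api_keys::view");',
    "cld::policy::global::activity_reports::access":
        'permit (principal, action, resource is Cloudinary::Report) when {resource.type=="audit_log"}; '
        'permit (principal, action, resource == Cloudinary::Feature::"cld::global::activity_reports::access");',
    "cld::policy::global::smd:bulk_upload":
        'permit(principal, action, resource == Cloudinary::Feature::"cld::global::update_smd_by_csv:access"); '
        'permit(principal, action in [Cloudinary::Action::"create", Cloudinary::Action::"read"], '
        'resource is Cloudinary::Folder) when { resource.path like "cld_system_files*" };',
    # This row's statement is cut off on the page; kept as-is to show the failure path.
    "cld::policy::global::folder_and_asset_management::restricted::download":
        'permit(principal, action == Cloudinary::Action::"download", resource is Cloudinary::Asset) '
        'when { (["authenticated", "private"].contains(resource.resource_type)) \\',
}

# permit(principal, action [== A | in [A, B]], resource (is Type | == Entity)) [when { ... }]
STATEMENT_RE = re.compile(
    r'^permit\s*\(\s*principal\s*,\s*'
    r'action\s*(?:(?:==|in)\s*(?P<actions>\[[^\]]*\]|[^,]+?))?\s*,\s*'
    r'resource\s*(?P<rel>is|==)\s*(?P<target>[^)]+?)\s*\)'
    r'\s*(?:when\s*\{(?P<cond>.*)\})?\s*$',
    re.DOTALL,
)


def split_statements(text):
    """Split on ';' only outside quotes and outside (), [], {}."""
    parts, buf, depth, quoted = [], [], 0, False
    for ch in text:
        if ch == '"':
            quoted = not quoted
        elif not quoted and ch in "{[(":
            depth += 1
        elif not quoted and ch in "}])":
            depth -= 1
        if ch == ";" and not quoted and depth == 0:
            parts.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf).strip())
    return [p for p in parts if p]


def parse_statement(stmt):
    """Return the statement's scope, or None if its shape is not recognised."""
    m = STATEMENT_RE.match(stmt)
    if not m:
        return None
    actions = re.findall(r'Action::"([^"]+)"', m["actions"] or "")
    if m["actions"] is not None and not actions:
        return None  # an action constraint we cannot read is not "all actions"
    return {
        "actions": actions or ["*"],  # bare `action` matches every action
        "scope": "type" if m["rel"] == "is" else "entity",
        "target": m["target"],
        "condition": (m["cond"] or "").strip() or None,
    }


def review(policies):
    """Per policy: resource types granted all actions unconditionally, plus unparsed count."""
    report = {}
    for policy_id, text in policies.items():
        broad, unparsed = [], 0
        for stmt in split_statements(text):
            parsed = parse_statement(stmt)
            if parsed is None:
                unparsed += 1  # surface for manual review, never assume narrow
            elif (parsed["actions"] == ["*"] and parsed["scope"] == "type"
                  and parsed["condition"] is None):
                broad.append(parsed["target"])
        report[policy_id] = {"broad_types": broad, "unparsed": unparsed}
    return report


if __name__ == "__main__":
    for policy_id, result in review(SAMPLE_POLICIES).items():
        print(policy_id, result)
```

Statements scoped to a single `Cloudinary::Feature` entity or narrowed by a `when` clause are not counted as broad; statements the matcher cannot read are counted separately so they get a manual look.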
Global policies
Management
System Policy ID | System Policy Ids | Description | Policy Statement |
---|---|---|---|
cld::policy::global::basic_portals::access | Manage all portals with full create, read, update, and delete permissions. | Manage all portals with full create, read, update, and delete permissions. | permit(principal, action, resource is Cloudinary::Portal); permit(principal, action == Cloudinary::Action::"read", resource == Cloudinary::Feature::"cld::global::basic_portals::access"); permit(principal, action, resource is Cloudinary::PublicLink) when { resource.subject_type == "portal"}; |
cld::policy::global::ml_preferences::manage | Control the way the Media Library looks and behaves for all users in the product environment. | Control the way the Media Library looks and behaves for all users in the product environment. | permit(principal, action, resource == Cloudinary::Feature::"cld::global::ml_preferences::access"); permit(principal, action, resource == Cloudinary::Feature::"cld::global::ml_preferences::update"); |
cld::policy::global::ml_dashboard::access | View the Assets Dashboard, including usage summaries and trend graphs. Access is limited to data the user is permitted to see. | View the Assets Dashboard, including usage summaries and trend graphs. Access is limited to data the user is permitted to see. | permit(principal, action, resource == Cloudinary::Feature::"cld::global::ml_dashboard::access"); permit(principal, action == Cloudinary::Action::"read", resource is Cloudinary::Collection); permit(principal, action == Cloudinary::Action::"read", resource is Cloudinary::Portal); |
cld::policy::global::activity_reports::access | View and generate reports that list all account management activities and product environment actions. | View and generate reports that list all account management activities and product environment actions. | permit (principal, action, resource is Cloudinary::Report) when {resource.type=="audit_log"}; permit (principal, action, resource == Cloudinary::Feature::"cld::global::activity_reports::access"); |
cld::policy::global::structured_metadata::access | Create and manage structured metadata fields, define conditional rules, and configure datasources (list values) for single and multi-selection fields. | Create and manage structured metadata fields, define conditional rules, and configure datasources (list values) for single and multi-selection fields. | permit(principal, action, resource is Cloudinary::MetadataField); permit(principal, action, resource == Cloudinary::Feature::"cld::global::structured_metadata::access"); |
cld::policy::global::moderation_queue::access | View, approve, and reject assets from the Moderation page. Access is limited to assets in folders where the user has the 'View all assets in a folder and its subfolders' permission, or all assets if the user has the global 'View all folders and assets' permission. | View, approve, and reject assets from the Moderation page. Access is limited to assets in folders where the user has the 'View all assets in a folder and its subfolders' permission, or all assets if the user has the global 'View all folders and assets' permission. | permit (principal, action, resource == Cloudinary::Feature::"cld::global::moderation_queue::access"); |
cld::policy::global::ml::access | Access the Media Library within the Console. Without this permission, users can't view any assets. | Access the Media Library within the Console. Without this permission, users can't view any assets. | permit(principal, action, resource == Cloudinary::Feature::"cld::global::ml::access"); |
cld::policy::global::asset_relation::create | Create and manage relationships between assets. Viewing related assets requires the 'View all subfolders and assets in a folder' permission for specific folders, or the 'View all folders and assets' global permission to view all assets. | Create and manage relationships between assets. Viewing related assets requires the 'View all subfolders and assets in a folder' permission for specific folders, or the 'View all folders and assets' global permission to view all assets. | permit(principal, action == Cloudinary::Action::"create", resource is Cloudinary::AssetRelation); permit(principal, action == Cloudinary::Action::"delete", resource is Cloudinary::AssetRelation); |
cld::policy::global::marketplace:manage | Manage the App Marketplace by enabling or disabling apps that extend DAM functionality based on company needs. | Manage the App Marketplace by enabling or disabling apps that extend DAM functionality based on company needs. | permit(principal, action, resource == Cloudinary::Feature::"cld::global::app_marketplace::access"); permit(principal, action == Cloudinary::Action::"read", resource is Cloudinary::DamApp); permit(principal, action == Cloudinary::Action::"subscribe", resource is Cloudinary::DamApp); permit(principal, action == Cloudinary::Action::"unsubscribe", resource is Cloudinary::DamApp); |
cld::policy::global::add_ons::run | Apply functionality from add-ons that are enabled for the account. Note that usage may consume quota based on the add-on plan. | Apply functionality from add-ons that are enabled for the account. Note that usage may consume quota based on the add-on plan. | permit (principal, action, resource == Cloudinary::Feature::"cld::global::add_ons::run"); |
cld::policy::global::marketplace:read | Access and use DAM apps that have been enabled from the Assets App Marketplace, directly within the Media Library. | Access and use DAM apps that have been enabled from the Assets App Marketplace, directly within the Media Library. | permit(principal, action == Cloudinary::Action::"read", resource is Cloudinary::DamApp); |
cld::policy::global::smd:bulk_upload | Upload a CSV file to bulk update structured metadata fields across multiple assets. | Upload a CSV file to bulk update structured metadata fields across multiple assets. | permit(principal, action, resource == Cloudinary::Feature::"cld::global::update_smd_by_csv:access"); permit(principal, action in [Cloudinary::Action::"create", Cloudinary::Action::"read"], resource is Cloudinary::Folder) when { resource.path like "cld_system_files*" }; |
cld::policy::global::delivery_url::access | Access delivery URLs of original and transformed assets, including the ability to view, copy, and open them in a new tab. Access is limited to assets the user is permitted to view. | Access delivery URLs of original and transformed assets, including the ability to view, copy, and open them in a new tab. Access is limited to assets the user is permitted to view. | permit(principal, action, resource == Cloudinary::Feature::"cld::global::delivery_url::access"); |
cld::policy::global::portals::view | Manage all portals with full create, read, update, and delete access. The 'View collection' permission is required to add a specific collection to a portal. | Manage all portals with full create, read, update, and delete access. The 'View collection' permission is required to add a specific collection to a portal. | permit(principal, action, resource == Cloudinary::Feature::"cld::global::portals::view"); |
cld::policy::global::ml_flourish_report::view | [Won't do] View reports showing metrics that demonstrate Cloudinary value. | [Won't do] View reports showing metrics that demonstrate Cloudinary value. | permit(principal, action, resource == Cloudinary::Feature::"cld::global::ml_monthly_value_reports::view"); permit(principal, action == Cloudinary::Action::"read", resource is Cloudinary::Report) when {resource.type == "ml_monthly_value_reports"}; |
cld::policy::global::marketplace:use | [Duplicate -- don't add to UI] Relevant for the read ability for the end user | [Duplicate -- don't add to UI] Relevant for the read ability for the end user | permit(principal, action == Cloudinary::Action::"read", resource is Cloudinary::DamApp) when { resource has subscribed && resource.subscribed == true }; |
cld::policy::global::comments::delete | Delete all comments the user added to assets. | Delete all comments the user added to assets. | permit(principal, action, resource == Cloudinary::Feature::"cld::global::comments::delete"); |
cld::policy::global::automation::access | Create EasyFlows within the Media Library to streamline Assets workflows. | Create EasyFlows within the Media Library to streamline Assets workflows. | permit(principal, action, resource == Cloudinary::Feature::"cld::global::automation::access"); |
cld::policy::global::assets::moderate | View, approve, and reject all assets in the moderation queue. This permission should be paired with the 'View all folders and assets' global permission. | View, approve, and reject all assets in the moderation queue. This permission should be paired with the 'View all folders and assets' global permission. | permit(principal, action == Cloudinary::Action::"moderate", resource is Cloudinary::Asset); |
cld::policy::global::folder_and_asset_management::delete | Delete all folders and assets without requiring specific folder or asset permissions. | Delete all folders and assets without requiring specific folder or asset permissions. | permit(principal, action in [Cloudinary::Action::"delete"], resource is Cloudinary::Asset); permit(principal, action in [Cloudinary::Action::"delete"], resource is Cloudinary::Folder); |
cld::policy::global::folder_and_asset_management::view | View all folders and assets without requiring specific folder or asset permissions. Downloading requires a separate permission. | View all folders and assets without requiring specific folder or asset permissions. Downloading requires a separate permission. | permit(principal, action == Cloudinary::Action::"read", resource is Cloudinary::Asset); permit(principal, action == Cloudinary::Action::"read", resource is Cloudinary::Folder); permit(principal, action == Cloudinary::Action::"read", resource is Cloudinary::MetadataField); permit(principal, action == Cloudinary::Action::"update", resource is Cloudinary::MetadataField) when { resource has allow_dynamic_list_values && resource.allow_dynamic_list_values == true }; |
cld::policy::global::folder_and_asset_management::public::download | Download all folders and their assets with access control set to 'Public'. The download is a ZIP file, and the root folder can't be downloaded. | Download all folders and their assets with access control set to 'Public'. The download is a ZIP file, and the root folder can't be downloaded. | permit(principal, action == Cloudinary::Action::"download", resource is Cloudinary::Asset) when { !["authenticated", "private"].contains(resource.resource_type) && !resource.has_access_control}; permit(principal, action == Cloudinary::Action::"download", resource is Cloudinary::Folder); |
cld::policy::global::folder_and_asset_management::restricted::download | Download all folders and their assets with access control set to 'Public'. The download is a ZIP file, and the root folder can't be downloaded. | Download all folders and their assets with access control set to 'Public'. The download is a ZIP file, and the root folder can't be downloaded. | permit(principal, action == Cloudinary::Action::"download", resource is Cloudinary::Asset) when { (["authenticated", "private"].contains(resource.resource_type)) \ |
cld::policy::global::folder_and_asset_management::create_folder | Create folders anywhere within the folder hierarchy without requiring specific folder permissions. | Create folders anywhere within the folder hierarchy without requiring specific folder permissions. | permit(principal, action in [Cloudinary::Action::"create", Cloudinary::Action::"read"], resource is Cloudinary::Folder); |
cld::policy::global::folder_and_asset_management::create_asset | Upload assets to any folder, including the root, without requiring specific folder permissions. Includes the option to select an upload preset and apply tags and metadata. | Upload assets to any folder, including the root, without requiring specific folder permissions. Includes the option to select an upload preset and apply tags and metadata. | permit(principal, action in [Cloudinary::Action::"create"], resource is Cloudinary::Asset); |
cld::policy::global::folder_and_asset_management::update | Move, rename, and overwrite all folders and assets without requiring specific folder or asset permissions. | Move, rename, and overwrite all folders and assets without requiring specific folder or asset permissions. | permit(principal, action in [Cloudinary::Action::"update"], resource is Cloudinary::Asset); permit(principal, action in [Cloudinary::Action::"update"], resource is Cloudinary::Folder); permit(principal, action in [Cloudinary::Action::"rename"], resource is Cloudinary::Asset); permit(principal, action in [Cloudinary::Action::"rename"], resource is Cloudinary::Folder); permit(principal, action in [Cloudinary::Action::"move"], resource is Cloudinary::Folder); |
cld::policy::global::folder_and_asset_management::update_access_control | Change access control settings for all assets between 'Public' and 'Restricted' without requiring specific folder or asset permissions. | Change access control settings for all assets between 'Public' and 'Restricted' without requiring specific folder or asset permissions. | permit(principal, action == Cloudinary::Action::"update_access_control", resource is Cloudinary::Asset); |
cld::policy::global:::restore | Restore all deleted assets. | Restore all deleted assets. | permit(principal, action == Cloudinary::Action::"restore", resource is Cloudinary::Asset); permit(principal, action == Cloudinary::Action::"create", resource is Cloudinary::Folder); permit(principal, action, resource == Cloudinary::Feature::"cld::global::assets::restore"); |
cld::policy::global::public_links::manage | Create, view, update, and delete public links to share collections externally. Also allows sharing assets directly, provided the user has view access through either the 'View all assets in a folder and its subfolders' permission or the global 'View all folders and assets' permission. | Create, view, update, and delete public links to share collections externally. Also allows sharing assets directly, provided the user has view access through either the 'View all assets in a folder and its subfolders' permission or the global 'View all folders and assets' permission. | permit (principal, action, resource is Cloudinary::PublicLink) when { resource.subject_type == "asset" }; permit (principal, action, resource is Cloudinary::PublicLink) when { resource.subject_type == "collection" }; permit (principal, action, resource is Cloudinary::PublicLink) when { resource.subject_type == "portal" }; |
cld::policy::global::folders::share | Share all folders within the folder hierarchy without requiring specific folder permissions. | Share all folders within the folder hierarchy without requiring specific folder permissions. | permit(principal, action, resource == Cloudinary::Feature::"cld::global::folders::share"); permit(principal, action == Cloudinary::Action::"read", resource is Cloudinary::Role); permit(principal, action == Cloudinary::Action::"invite", resource is Cloudinary::Folder); |
cld::policy::global::collections::create | Create collections, excluding dynamic collections. | Create collections, excluding dynamic collections. | permit(principal, action == Cloudinary::Action::"create", resource is Cloudinary::Collection); |
cld::policy::global::collections::view | View all collections and the assets inside them without requiring folder or asset permissions. This excludes dynamic collections. | View all collections and the assets inside them without requiring folder or asset permissions. This excludes dynamic collections. | permit(principal, action == Cloudinary::Action::"read", resource is Cloudinary::Collection); |
cld::policy::global::collections::update | View and manage all collections and their assets without requiring folder permissions. Includes renaming collections and adding or removing assets the user can view via the 'View all assets in a folder and its subfolders' permission or the global 'View all folders and assets' permission. This excludes dynamic collections. | View and manage all collections and their assets without requiring folder permissions. Includes renaming collections and adding or removing assets the user can view via the 'View all assets in a folder and its subfolders' permission or the global 'View all folders and assets' permission. This excludes dynamic collections. | permit(principal, action == Cloudinary::Action::"update", resource is Cloudinary::Collection); permit(principal, action == Cloudinary::Action::"add_asset", resource is Cloudinary::Collection); permit(principal, action == Cloudinary::Action::"remove_asset", resource is Cloudinary::Collection); permit(principal, action == Cloudinary::Action::"create",resource is Cloudinary::PublicLink) when {resource.subject_type=="collection"}; |
cld::policy::global::collections::invite | Invite other users to access all classic collections and assign them different permission levels. This excludes dynamic collections. | Invite other users to access all classic collections and assign them different permission levels. This excludes dynamic collections. | permit(principal, action == Cloudinary::Action::"invite", resource is Cloudinary::Collection); |
cld::policy::global::dynamic_collections::manage | Create, update, publicly share, and delete dynamic collections. Includes permission to view all assets included in dynamic collections. | Create, update, publicly share, and delete dynamic collections. Includes permission to view all assets included in dynamic collections. | permit(principal, action, resource is Cloudinary::DynamicCollection); permit(principal, action == Cloudinary::Action::"read", resource is Cloudinary::Asset); permit (principal,action == Cloudinary::Action::"create", resource is Cloudinary::PublicLink) when {resource.subject_type=="collection"}; |
Settings
System Policy ID | System Policy Ids | Description | Policy Statement |
---|---|---|---|
cld::policy::global::api_keys::view | View all API keys and associated details. | View all API keys and associated details. | permit(principal, action == Cloudinary::Action::"read", resource is Cloudinary::APIKey); permit(principal, action, resource == Cloudinary::Feature::"cld::global::api_keys::view"); |
cld::policy::global::api_keys::manage | View, create, and delete API keys, and update their associated details. | View, create, and delete API keys, and update their associated details. | permit(principal, action, resource is Cloudinary::APIKey); permit(principal, action, resource == Cloudinary::Feature::"cld::global::api_keys::view"); permit(principal, action, resource == Cloudinary::Feature::"cld::global::api_keys::create"); permit(principal, action, resource == Cloudinary::Feature::"cld::global::api_keys::update"); permit(principal, action, resource == Cloudinary::Feature::"cld::global::api_keys::delete"); |
cld::policy::global::upload_presets::manage | View, create, modify, or delete upload settings, such as upload presets, upload mappings, and upload defaults. | View, create, modify, or delete upload settings, such as upload presets, upload mappings, and upload defaults. | permit(principal, action, resource is Cloudinary::UploadPreset); permit(principal, action, resource is Cloudinary::UploadMapping); permit(principal, action == Cloudinary::Action::"update_settings", resource is Cloudinary::ProductEnvironment); permit(principal, action, resource == Cloudinary::Feature::"cld::global::upload_settings::manage"); permit(principal, action, resource == Cloudinary::Feature::"cld::global::upload_settings::access"); |
cld::policy::global::backup_settings::Manage | Manage backup settings, including selecting a backup location and enabling or disabling backup for newly uploaded assets. | Manage backup settings, including selecting a backup location and enabling or disabling backup for newly uploaded assets. | permit(principal, action, resource == Cloudinary::Feature::"cld::global::backup_settings::manage"); permit(principal, action == Cloudinary::Action::"update_settings", resource is Cloudinary::ProductEnvironment); |
cld::policy::global::optimization_settings::manage | Define optimization settings such as image and video quality, and handling of CMYK in derived images. | Define optimization settings such as image and video quality, and handling of CMYK in derived images. | permit(principal, action, resource == Cloudinary::Feature::"cld::global::optimization_settings::Manage"); permit(principal, action == Cloudinary::Action::"update_settings", resource is Cloudinary::ProductEnvironment); |
cld::policy::global::delivery_settings::manage | Define access control list (ACL) conditions and rules in the Console to control who can access assets. | Define access control list (ACL) conditions and rules in the Console to control who can access assets. | permit(principal, action, resource == Cloudinary::Feature::"cld::global::delivery_settings::manage"); permit(principal, action == Cloudinary::Action::"update_settings", resource is Cloudinary::ProductEnvironment); |
cld::policy::global::webhook_notifications::view | dio | dio | permit(principal, action, resource == Cloudinary::Feature::"cld::global::webhook_notifications::view"); permit(principal, action == Cloudinary::Action::"read", resource is Cloudinary::Trigger); |
cld::policy::global::webhook_notifications::manage | View, create, and delete webhook notification URLs. | View, create, and delete webhook notification URLs. | permit(principal, action, resource == Cloudinary::Feature::"cld::global::webhook_notifications::view"); permit(principal, action, resource == Cloudinary::Feature::"cld::global::webhook_notifications::create"); permit(principal, action, resource == Cloudinary::Feature::"cld::global::webhook_notifications::update"); permit(principal, action, resource == Cloudinary::Feature::"cld::global::webhook_notifications::delete"); permit(principal, action, resource is Cloudinary::Trigger); |
cld::policy::global::prodenv_security::manage | Set security settings that control how the assets in your product environment can be delivered. | Set security settings that control how the assets in your product environment can be delivered. | permit (principal, action, resource == Cloudinary::Feature::"cld::global::prodenv_security::manage"); permit(principal, action == Cloudinary::Action::"update_settings", resource is Cloudinary::ProductEnvironment); |
cld::policy::global::account_information::manage | Edit basic account information, such as account name and product environment display name, in the Console. | Edit basic account information, such as account name and product environment display name, in the Console. | permit(principal, action, resource == Cloudinary::Feature::"cld::global::account_information::manage"); permit(principal, action == Cloudinary::Action::"update", resource is Cloudinary::Account); permit(principal, action == Cloudinary::Action::"read", resource is Cloudinary::Account); |
cld::policy::global::account_api_keys::manage | View account API keys that authenticate the Provisioning and Permissions APIs, update their details, and generate new key pairs. | View account API keys that authenticate the Provisioning and Permissions APIs, update their details, and generate new key pairs. | permit(principal, action, resource is Cloudinary::AccountAPIKey); permit(principal, action, resource is Cloudinary::ProvisioningKey); permit(principal, action, resource == Cloudinary::Feature::"cld::global::account_api_keys::manage"); |
cld::policy::global::product_environments::view | View a list of all product environments in the account and their associated details. This doesn't grant access to the product environments or their contents. | View a list of all product environments in the account and their associated details. This doesn't grant access to the product environments or their contents. | permit (principal, action == Cloudinary::Action::"read", resource is Cloudinary::ProductEnvironment); permit (principal, action, resource == Cloudinary::Feature::"cld::global::product_environments::view"); |
cld::policy::global::product_environments::manage | View, add, and remove product environments in the account, and update their associated details. This doesn't grant access to the product environments or their contents. | View, add, and remove product environments in the account, and update their associated details. This doesn't grant access to the product environments or their contents. | permit (principal, action, resource is Cloudinary::ProductEnvironment); permit (principal, action, resource == Cloudinary::Feature::"cld::global::product_environments::view"); permit (principal, action, resource == Cloudinary::Feature::"cld::global::product_environments::create"); permit (principal, action, resource == Cloudinary::Feature::"cld::global::product_environments::delete"); permit (principal, action, resource == Cloudinary::Feature::"cld::global::product_environments::update"); |
cld::policy::global::users_and_groups::view | View all users and groups in the account and their group memberships. | View all users and groups in the account and their group memberships. | permit(principal, action == Cloudinary::Action::"read", resource is Cloudinary::User); permit(principal, action == Cloudinary::Action::"read", resource is Cloudinary::Group); permit(principal, action, resource == Cloudinary::Feature::"cld::global::groups::view"); permit(principal, action, resource == Cloudinary::Feature::"cld::global::users::view"); |
cld::policy::global::users_and_groups::manage | View, add, and remove users and groups in the account, and manage group memberships. | View, add, and remove users and groups in the account, and manage group memberships. | permit (principal, action , resource is Cloudinary::User); permit (principal, action, resource is Cloudinary::Group); permit (principal, action, resource == Cloudinary::Feature::"cld::global::users::view"); permit (principal, action, resource == Cloudinary::Feature::"cld::global::users::create"); permit (principal, action, resource == Cloudinary::Feature::"cld::global::users::update"); permit (principal, action, resource == Cloudinary::Feature::"cld::global::users::delete"); permit (principal, action, resource == Cloudinary::Feature::"cld::global::groups::view"); permit (principal, action, resource == Cloudinary::Feature::"cld::global::groups::create"); permit (principal, action, resource == Cloudinary::Feature::"cld::global::groups::update"); permit (principal, action, resource == Cloudinary::Feature::"cld::global::groups::delete"); |
cld::policy::global::account_security::view | View account-wide security settings related to authentication, access control, and user privacy. | View account-wide security settings related to authentication, access control, and user privacy. | permit (principal, action, resource == Cloudinary::Feature::"cld::global::account::view"); permit (principal, action == Cloudinary::Action::"read", resource is Cloudinary::Account); |
cld::policy::global::account_security::manage | Define account-wide security settings related to authentication, access control, and user privacy. | Define account-wide security settings related to authentication, access control, and user privacy. | permit (principal, action, resource == Cloudinary::Feature::"cld::global::account::view"); permit (principal, action, resource == Cloudinary::Feature::"cld::global::account::update"); permit (principal, action == Cloudinary::Action::"read", resource is Cloudinary::Account); permit (principal, action == Cloudinary::Action::"update", resource is Cloudinary::Account); |
cld::policy::global::roles_permissions::manage | View, create, update, and delete all roles, define their permissions, and assign roles to users, groups, API keys, and other resources. | View, create, update, and delete all roles, define their permissions, and assign roles to users, groups, API keys, and other resources. | permit (principal, action, resource is Cloudinary::Role); permit (principal, action, resource == Cloudinary::Feature::"cld::global::roles_permissions::manage"); |
cld::policy::global::billing::view | View plan details, add-on subscriptions, and current usage and billing information. | View plan details, add-on subscriptions, and current usage and billing information. | permit (principal, action, resource == Cloudinary::Feature::"cld::global::billing::view"); |
cld::policy::global::billing::manage | View and manage all billing-related information, including plan details, payment method, and add-on subscriptions. To purchase add-ons for additional users or product environments, this permission must be paired with the View users and groups and View product environments permissions, respectively. | View and manage all billing-related information, including plan details, payment method, and add-on subscriptions. To purchase add-ons for additional users or product environments, this permission must be paired with the View users and groups and View product environments permissions, respectively. | permit (principal, action, resource == Cloudinary::Feature::"cld::global::billing::view"); permit (principal, action, resource == Cloudinary::Feature::"cld::global::billing::update"); |
Home
System Policy ID | System Policy Ids | Description | Policy Statement |
---|---|---|---|
cld::policy::global::reports::delivery::view | View detailed media delivery analytics, such as bandwidth and request usage, top-performing assets and transformations, referral domains, and formats. | View detailed media delivery analytics, such as bandwidth and request usage, top-performing assets and transformations, referral domains, and formats. | permit(principal, action, resource == Cloudinary::Feature::"cld::global::reports::delivery::view"); permit(principal, action == Cloudinary::Action::"read", resource is Cloudinary::Report) when {resource.type == "delivery"}; |
cld::policy::global::reports::errors::view | View delivery error trends, including any errors generated from API calls or delivery URL requests. | View delivery error trends, including any errors generated from API calls or delivery URL requests. | permit (principal, action, resource == Cloudinary::Feature::"cld::global::reports::errors::view"); |
cld::policy::global::reports::auto_monthly::view | Enable or disable email delivery of the 'Monthly Usage Report' from email preferences in the Console. | Enable or disable email delivery of the 'Monthly Usage Report' from email preferences in the Console. | permit (principal, action, resource == Cloudinary::Feature::"cld::global::reports::auto_monthly::view"); permit (principal, action == Cloudinary::Action::"read", resource is Cloudinary::Report) when { resource.type == "auto_montly_report" }; |
Image
System Policy ID | System Policy Ids | Description | Policy Statement |
---|---|---|---|
cld::policy::global::image::access | Access the Cloudinary Image product and use the Transformation Builder for single and bulk transformations in the Media Library. | Access the Cloudinary Image product and use the Transformation Builder for single and bulk transformations in the Media Library. | permit (principal, action, resource == Cloudinary::Feature::"cld::global::image::access"); |
cld::policy::global::unnamed_transformations::view | View unnamed transformations that were applied to assets. | View unnamed transformations that were applied to assets. | permit (principal, action == Cloudinary::Action::"read", resource is Cloudinary::Transformation) when { resource.named == false }; permit (principal, action, resource == Cloudinary::Feature::"cld::global::unnamed_transformations::view"); |
cld::policy::global::unnamed_transformations::manage | Manage unnamed transformations, including deleting them and configuring whether they can be used when Strict Transformations are enabled. | Manage unnamed transformations, including deleting them and configuring whether they can be used when Strict Transformations are enabled. | permit(principal, action, resource is Cloudinary::Transformation) when {resource.named == false}; |
cld::policy::global::named_transformations::view | View all named transformations and the individual transformations they include. | View all named transformations and the individual transformations they include. | permit(principal, action == Cloudinary::Action::"read", resource is Cloudinary::Transformation) when { resource.named == true}; permit(principal, action, resource == Cloudinary::Feature::"cld::global::named_transformations::view"); |
cld::policy::global::named_transformations::delete | Delete all existing named transformations. | Delete all existing named transformations. | permit (principal, action == Cloudinary::Action::"delete", resource is Cloudinary::Transformation) when { resource.named == true }; permit (principal, action, resource == Cloudinary::Feature::"cld::global::named_transformations::delete"); |
cld::policy::global::named_transformations::update | Update existing named transformations. | Update existing named transformations. | permit(principal, action == Cloudinary::Action::"update", resource is Cloudinary::Transformation) when {resource.named == true}; permit(principal, action, resource == Cloudinary::Feature::"cld::global::named_transformations::update"); |
cld::policy::global::named_transformations::create | Create new named transformations. | Create new named transformations. | permit(principal, action == Cloudinary::Action::"create", resource is Cloudinary::Transformation) when {resource.named == true}; permit(principal, action == Cloudinary::Action::"read", resource is Cloudinary::Transformation) when {resource.named == true}; permit(principal, action, resource == Cloudinary::Feature::"cld::global::named_transformations::create"); |
Video
System Policy ID | System Policy Ids | Description | Policy Statement |
---|---|---|---|
cld::policy::global::video::access | NEW Access the Cloudinary Video product in the Console, including tools for managing video assets, customizing video players, and previewing transformed video content. | NEW Access the Cloudinary Video product in the Console, including tools for managing video assets, customizing video players, and previewing transformed video content. | permit(principal, action, resource == Cloudinary::Feature::"cld::global::video::access"); |
cld::policy::global::video:video_analytics::view | View Video Player performance metrics in the Video Analytics page, including plays, watch time, unique viewers, and top-performing videos. Use this data to understand engagement and optimize video delivery. | View Video Player performance metrics in the Video Analytics page, including plays, watch time, unique viewers, and top-performing videos. Use this data to understand engagement and optimize video delivery. | permit(principal, action, resource == Cloudinary::Feature::"cld::global::video_analytics::view"); permit(principal, action == Cloudinary::Action::"read", resource is Cloudinary::VideoAnalyticsView); |
cld::policy::global::video:live_streams::manage | Create, update, and delete live stream entries, configure stream settings, and access live stream details. | Create, update, and delete live stream entries, configure stream settings, and access live stream details. | permit(principal, action, resource == Cloudinary::Feature::"cld::global::live_streams::manage"); permit(principal, action == Cloudinary::Action::"read", resource is Cloudinary::LiveStream); permit(principal, action == Cloudinary::Action::"create", resource is Cloudinary::LiveStream); permit(principal, action == Cloudinary::Action::"update", resource is Cloudinary::LiveStream); permit(principal, action == Cloudinary::Action::"delete", resource is Cloudinary::LiveStream); |
cld::policy::global::video_player_profiles::manage | Create, edit, and apply video player profiles to control player appearance and behavior, with access to the Video Player Studio for visual customization. | Create, edit, and apply video player profiles to control player appearance and behavior, with access to the Video Player Studio for visual customization. | permit(principal, action, resource == Cloudinary::Feature::"cld::global::video_player_profiles::manage"); permit(principal, action == Cloudinary::Action::"read", resource is Cloudinary::VideoPlayerProfile); permit(principal, action == Cloudinary::Action::"create", resource is Cloudinary::VideoPlayerProfile); permit(principal, action == Cloudinary::Action::"update", resource is Cloudinary::VideoPlayerProfile); permit(principal, action == Cloudinary::Action::"delete", resource is Cloudinary::VideoPlayerProfile); |
MediaFlows
System Policy ID | System Policy Ids | Description | Policy Statement |
---|---|---|---|
cld::policy::global::media_flows::access | NEW Access the MediaFlows interface to build, view, and manage visual workflows for automating media-related tasks. | NEW Access the MediaFlows interface to build, view, and manage visual workflows for automating media-related tasks. | permit(principal, action, resource == Cloudinary::Feature::"cld::global::media_flows::access"); |
cld::policy::global::media_flows::manage | Create, update, and delete all PowerFlows and EasyFlows. | Create, update, and delete all PowerFlows and EasyFlows. | permit (principal, action == MediaFlows::Action::"create", resource is MediaFlows::EasyFlow); permit (principal, action == MediaFlows::Action::"create", resource is MediaFlows::PowerFlow); permit (principal, action == MediaFlows::Action::"update", resource is MediaFlows::EasyFlow); permit (principal, action == MediaFlows::Action::"update", resource is MediaFlows::PowerFlow); permit (principal, action == MediaFlows::Action::"delete", resource is MediaFlows::EasyFlow); permit (principal, action == MediaFlows::Action::"delete", resource is MediaFlows::PowerFlow); permit (principal, action == MediaFlows::Action::"read", resource is MediaFlows::EasyFlow); permit (principal, action == MediaFlows::Action::"read", resource is MediaFlows::PowerFlow); permit (principal, action == MediaFlows::Action::"read_details", resource is MediaFlows::LogEntry); permit (principal, action == MediaFlows::Action::"read", resource is MediaFlows::LogEntry); |
cld::policy::global::media_flows::usage_n_plane::view | View current MediaFlows plan details, credit usage, and usage breakdowns across all product environments. | View current MediaFlows plan details, credit usage, and usage breakdowns across all product environments. | permit (principal, action == MediaFlows::Action::"read", resource is MediaFlows::Usage); permit (principal, action == MediaFlows::Action::"read", resource is MediaFlows::Plan); |
FinalTouch
System Policy ID | System Policy Ids | Description | Policy Statement |
---|---|---|---|
cld::policy::global::final_touch::access | Access the FinalTouch interface to create, customize, and publish product galleries and shoppable experiences using Cloudinary assets. | Access the FinalTouch interface to create, customize, and publish product galleries and shoppable experiences using Cloudinary assets. | permit (principal, action, resource == Cloudinary::Feature::"cld::global::final_touch::access"); |
Cloudinary 3D
System Policy ID | System Policy Ids | Description | Policy Statement |
---|---|---|---|
cld::policy::global::cloudinary_3d::access | Access the Cloudinary 3D product to upload, manage, and preview 3D assets within the Console. | Access the Cloudinary 3D product to upload, manage, and preview 3D assets within the Console. | permit (principal, action, resource == Cloudinary::Feature::"cld::global::cloudinary_3d::access"); |
View
System Policy ID | System Policy Ids | Description | Policy Statement |
---|---|---|---|
cld::policy::saved_search::view::view_saved_search | View saved search | View saved search | permit(principal, action == Cloudinary::Action::"read", resource == Cloudinary::SavedSearch::" |
Folder policies
System Policy ID | System Policy Ids | Description | Policy Statement |
---|---|---|---|
cld::policy::content::folder::view_download | [Final] View all assets in a folder and its nested subfolders. | [Final] View all assets in a folder and its nested subfolders. | permit(principal, action == Cloudinary::Action::"read", resource is Cloudinary::Folder) when { resource.ancestor_ids.contains(" |
cld::policy::content::folder::download_public_assets | [Final] Download all assets marked as 'Public' in a folder and its subfolders. | [Final] Download all assets marked as 'Public' in a folder and its subfolders. | permit(principal, action == Cloudinary::Action::"download", resource is Cloudinary::Folder) when { resource.ancestor_ids.contains(" |
cld::policy::content::folder::download_restricted_assets | [Final] Download all assets marked as 'Restricted' in a folder and its subfolders. | [Final] Download all assets marked as 'Restricted' in a folder and its subfolders. | permit(principal, action == Cloudinary::Action::"download", resource is Cloudinary::Folder) when { resource.ancestor_ids.contains(" |
cld::policy::content::folder::add_assets | [Final] Add assets by uploading new files, saving an asset as new, or moving existing assets from other folders. Tags and structured metadata can be applied during upload. | [Final] Add assets by uploading new files, saving an asset as new, or moving existing assets from other folders. Tags and structured metadata can be applied during upload. | permit(principal, action == Cloudinary::Action::"create", resource is Cloudinary::Asset) when { resource.ancestor_ids.contains(" |
cld::policy::content::folder::create_subfolders | [Final] Create subfolders or move existing folders into this folder. | [Final] Create subfolders or move existing folders into this folder. | permit(principal, action == Cloudinary::Action::"create", resource is Cloudinary::Folder) when { resource.ancestor_ids.contains(" |
cld::policy::content::folder::update_assets | [Final] Perform actions on assets in a specific folder and its subfolders, including replacing and editing assets, restoring versions, and updating tags, structured metadata, and contextual metadata. | [Final] Perform actions on assets in a specific folder and its subfolders, including replacing and editing assets, restoring versions, and updating tags, structured metadata, and contextual metadata. | permit(principal, action == Cloudinary::Action::"update", resource is Cloudinary::Asset) when { resource.ancestor_ids.contains(" |
cld::policy::content::folder::rename_subfolders | [Final] Rename subfolders within a specified folder. This doesn't include permission to rename the folder itself. | [Final] Rename subfolders within a specified folder. This doesn't include permission to rename the folder itself. | permit(principal, action == Cloudinary::Action::"rename", resource is Cloudinary::Folder) when { resource != Cloudinary::Folder::" |
cld::policy::content::folder::rename_assets | [Final] Edit the display names and public IDs of assets in a specified folder and its subfolders. In the legacy fixed-folder mode, renaming a public ID also requires the ‘Move assets’ permission. | [Final] Edit the display names and public IDs of assets in a specified folder and its subfolders. In the legacy fixed-folder mode, renaming a public ID also requires the ‘Move assets’ permission. | permit(principal, action == Cloudinary::Action::"rename", resource is Cloudinary::Asset) when { resource.ancestor_ids.contains(" |
cld::policy::content::folder::delete_assets | [Final] Delete assets in a specified folder and its subfolders. | [Final] Delete assets in a specified folder and its subfolders. | permit(principal, action == Cloudinary::Action::"delete", resource is Cloudinary::Asset) when { resource.ancestor_ids.contains(" |
cld::policy::content::folder::delete_subfolders | [Final] Delete subfolders within a specified folder. To delete subfolders that contain assets, the user must also have the 'Delete assets' permission for those assets. | [Final] Delete subfolders within a specified folder. To delete subfolders that contain assets, the user must also have the 'Delete assets' permission for those assets. | permit(principal, action == Cloudinary::Action::"delete", resource is Cloudinary::Folder) when { resource != Cloudinary::Folder::" |
cld::policy::content::folder::move_assets | [Final] Move assets between folders. This action also requires the 'Add assets' permission for the destination folder. | [Final] Move assets between folders. This action also requires the 'Add assets' permission for the destination folder. | permit(principal, action == Cloudinary::Action::"move", resource is Cloudinary::Asset) when { resource.ancestor_ids.contains(" |
cld::policy::content::folder::delete | [Final] Delete a specified folder and its contents. If the folder contains assets, the user must also have the 'Delete assets' permission for all of them. This action is limited to folders with 1,000 assets or fewer. | [Final] Delete a specified folder and its contents. If the folder contains assets, the user must also have the 'Delete assets' permission for all of them. This action is limited to folders with 1,000 assets or fewer. | permit(principal, action == Cloudinary::Action::"delete", resource is Cloudinary::Folder) when { resource.ancestor_ids.contains(" |
cld::policy::content::folder::rename | [Final] Rename a folder and its subfolders. This action isn't available in the legacy fixed folder mode. | [Final] Rename a folder and its subfolders. This action isn't available in the legacy fixed folder mode. | permit(principal, action == Cloudinary::Action::"rename", resource is Cloudinary::Folder) when { resource.ancestor_ids.contains(" |
cld::policy::content::folder::move | [Final] Move a folder and all of its contents to a different location in the folder hierarchy. For example, move Folder A (and its subfolder B) into a new parent folder. In product environments with fixed folder mode, this action also requires the 'Move assets' permission for the folder. | [Final] Move a folder and all of its contents to a different location in the folder hierarchy. For example, move Folder A (and its subfolder B) into a new parent folder. In product environments with fixed folder mode, this action also requires the 'Move assets' permission for the folder. | permit(principal, action == Cloudinary::Action::"move", resource is Cloudinary::Folder) when { resource.ancestor_ids.contains(" |
cld::policy::content::folder::move_subfolders | [Final] Move subfolders to a different location in the folder hierarchy. For example, move Folder C out of Folder B, without moving Folder B itself. In environments with fixed folder mode, this action also requires the 'Move assets' permission for the subfolder. | [Final] Move subfolders to a different location in the folder hierarchy. For example, move Folder C out of Folder B, without moving Folder B itself. In environments with fixed folder mode, this action also requires the 'Move assets' permission for the subfolder. | permit(principal, action == Cloudinary::Action::"move", resource is Cloudinary::Folder) when { resource.ancestor_ids.contains(" |
cld::policy::content::folder::moderate | [Final] Approve or reject assets in the folder and its subfolders via the Moderation page in the Media Library. Moderating assets also requires the global 'Access the Moderation page' permission. | [Final] Approve or reject assets in the folder and its subfolders via the Moderation page in the Media Library. Moderating assets also requires the global 'Access the Moderation page' permission. | permit(principal, action == Cloudinary::Action::"moderate", resource is Cloudinary::Asset) when {resource.ancestor_ids.contains(" |
cld::policy::content::folder::manage_public_link | [Final] Create, view, update, and delete public links for assets in the folder and its subfolders, including setting access date ranges. | [Final] Create, view, update, and delete public links for assets in the folder and its subfolders, including setting access date ranges. | permit (principal, action, resource is Cloudinary::PublicLink) when {resource.subject_type=="asset" && resource.subject_ancestor_ids.contains(" |
cld::policy::content::folder::edit_access_control | [Final] Set asset access control for assets in the folder and its subfolders to 'Public' or 'Restricted', with optional date-based rules for limited-time public access. | [Final] Set asset access control for assets in the folder and its subfolders to 'Public' or 'Restricted', with optional date-based rules for limited-time public access. | permit(principal, action == Cloudinary::Action::"update", resource is Cloudinary::Asset) when { resource.ancestor_ids.contains(" |
cld::policy::content::folder::invite | [Final] Manage user and group access to the folder and its subfolders. | [Final] Manage user and group access to the folder and its subfolders. | permit(principal, action == Cloudinary::Action::"invite", resource is Cloudinary::Folder) when { resource.ancestor_ids.contains(" |
Collection policies
System Policy ID | System Policy Ids | Description | Policy Statement |
---|---|---|---|
cld::policy::content::collection::view | View the collection and all the assets in it without requiring global or folder permissions for those assets. | View the collection and all the assets in it without requiring global or folder permissions for those assets. | permit(principal, action == Cloudinary::Action::"read", resource == Cloudinary::Collection::" |
cld::policy::content::collection::download_public_assets | Download all assets marked as 'Public' in the collection without requiring global or folder permissions. | Download all assets marked as 'Public' in the collection without requiring global or folder permissions. | permit(principal, action == Cloudinary::Action::"download", resource == Cloudinary::Collection::" |
cld::policy::content::collection::download_restricted_assets | Download all assets marked as 'Restricted' in the collection without requiring global or folder permissions. | Download all assets marked as 'Restricted' in the collection without requiring global or folder permissions. | permit(principal, action == Cloudinary::Action::"download", resource == Cloudinary::Collection::" |
cld::policy::content::collection::add_assets | Add assets to the collection. Users can only add assets they are permitted to view, either through the 'View all assets in a folder' permission or the global 'View all folders and assets' permission. | Add assets to the collection. Users can only add assets they are permitted to view, either through the 'View all assets in a folder' permission or the global 'View all folders and assets' permission. | permit(principal, action == Cloudinary::Action::"add_asset", resource == Cloudinary::Collection::" |
cld::policy::content::collection::remove_assets | Remove assets from the collection. Users can only remove assets they are permitted to view, either through the 'View all assets in a folder' permission or the global 'View all folders and assets' permission. | Remove assets from the collection. Users can only remove assets they are permitted to view, either through the 'View all assets in a folder' permission or the global 'View all folders and assets' permission. | permit(principal, action == Cloudinary::Action::"remove_asset", resource == Cloudinary::Collection::" |
cld::policy::content::collection::update | Rename the collection and edit its description. | Rename the collection and edit its description. | permit(principal, action == Cloudinary::Action::"update", resource == Cloudinary::Collection::" |
cld::policy::content::collection::delete | Delete the collection. This action doesn't affect the assets in it. | Delete the collection. This action doesn't affect the assets in it. | permit(principal, action == Cloudinary::Action::"delete", resource == Cloudinary::Collection::" |
cld::policy::content::collection::mange_public_link | View, create, copy, update, configure, and delete the public link for a collection. | View, create, copy, update, configure, and delete the public link for a collection. | permit (principal, action, resource is Cloudinary::PublicLink) when { resource.subject_type == "collection" }; permit(principal, action, resource == Cloudinary::Collection::" |
cld::policy::content::collection::invite | Invite users and groups to a collection, and add, edit, or remove their permissions. Users can only assign permission levels that are equal to or lower than their own for that collection. | Invite users and groups to a collection, and add, edit, or remove their permissions. Users can only assign permission levels that are equal to or lower than their own for that collection. | permit(principal, action == Cloudinary::Action::"invite", resource == Cloudinary::Collection::" |
System role reference
This section lists all system roles, including each role's ID, name, and description. Below each group of roles, you'll see the policy IDs for all the policies it includes.
You can use this list to:
- Decide which role to assign to a user, group, or API key.
- Look up the role ID when assigning the role.
- Review the system policies granted by roles that are already in use.
For more background information about system policies, see Role-based permissions overview.
For more information on system roles, see Manage roles.
Global account-level roles
Role ID | Role Name | Description | System Policy Ids |
---|---|---|---|
cld::role::account::master_admin | Master Admin | Manage all account-level settings and features. | 17 policies: cld::policy::global::add_ons::run, cld::policy::global::account_information::manage, cld::policy::global::account_api_keys::manage... (see full list below) |
cld::role::account::admin | Admin | Manage roles, users, and groups, and access Cloudinary products. | 8 policies: cld::policy::global::add_ons::run, cld::policy::global::users_and_groups::view, cld::policy::global::users_and_groups::manage... (see full list below) |
cld::role::account::billing | Billing | Manage account-level billing, including current plans, payment methods, tracking usage, and purchasing add-ons. | cld::policy::global::billing::view, cld::policy::global::billing::manage |
cld::role::account::reports | Reports | View account-level reports and usage metrics, including audit logs, dashboard usage summaries, and account-wide activity reports. | cld::policy::global::reports::auto_monthly::view, cld::policy::global::image::access, cld::policy::global::media_flows::usage_n_plane::view, cld::policy::global::final_touch::access, cld::policy::global::cloudinary_3d::access |
cld::role::account::mediaflows_admin | Admin | Media flow account viewer | 17 policies: cld::policy::global::add_ons::run, cld::policy::global::account_information::manage, cld::policy::global::account_api_keys::manage... (see full list below) |
Master Admin - Full Policy List:
- cld::policy::global::add_ons::run
- cld::policy::global::account_information::manage
- cld::policy::global::account_api_keys::manage
- cld::policy::global::product_environments::view
- cld::policy::global::product_environments::manage
- cld::policy::global::users_and_groups::view
- cld::policy::global::users_and_groups::manage
- cld::policy::global::account_security::view
- cld::policy::global::account_security::manage
- cld::policy::global::roles_permissions::manage
- cld::policy::global::billing::view
- cld::policy::global::billing::manage
- cld::policy::global::reports::auto_monthly::view
- cld::policy::global::image::access
- cld::policy::global::media_flows::usage_n_plane::view
- cld::policy::global::final_touch::access
- cld::policy::global::cloudinary_3d::access
Admin - Full Policy List:
- cld::policy::global::add_ons::run
- cld::policy::global::users_and_groups::view
- cld::policy::global::users_and_groups::manage
- cld::policy::global::roles_permissions::manage
- cld::policy::global::image::access
- cld::policy::global::media_flows::usage_n_plane::view
- cld::policy::global::final_touch::access
- cld::policy::global::cloudinary_3d::access
Admin - Full Policy List:
- cld::policy::global::add_ons::run
- cld::policy::global::account_information::manage
- cld::policy::global::account_api_keys::manage
- cld::policy::global::product_environments::view
- cld::policy::global::product_environments::manage
- cld::policy::global::users_and_groups::view
- cld::policy::global::users_and_groups::manage
- cld::policy::global::account_security::view
- cld::policy::global::account_security::manage
- cld::policy::global::roles_permissions::manage
- cld::policy::global::billing::view
- cld::policy::global::billing::manage
- cld::policy::global::reports::auto_monthly::view
- cld::policy::global::image::access
- cld::policy::global::media_flows::usage_n_plane::view
- cld::policy::global::final_touch::access
- cld::policy::global::cloudinary_3d::access
Global product environment-level roles
Role ID | Role Name | Description | System Policy Ids |
---|---|---|---|
cld::role::prodenv::master_admin | Master Admin | Fully manage all product environments, including settings, all features across products, and dashboards and reports. | 57 policies: cld::policy::global::basic_portals::access, cld::policy::global::ml_preferences::manage, cld::policy::global::ml_dashboard::access... (see full list below) |
cld::role::prodenv::admin | Admin | Manage permitted product environments, including Console Settings, all features across products, and relevant dashboards and reports. | 53 policies: cld::policy::global::basic_portals::access, cld::policy::global::structured_metadata::access, cld::policy::global::moderation_queue::access... (see full list below) |
cld::role::prodenv::tech_admin | Tech Admin | Manage tech areas, including product environment Console Settings, key features across products (excluding MediaFlows), and relevant dashboards & reports. | 48 policies: cld::policy::global::basic_portals::access, cld::policy::global::structured_metadata::access, cld::policy::global::moderation_queue::access... (see full list below) |
cld::role::prodenv::ml_admin | Media Library Admin | Access the Media Library for full usage and administration, including transformations, creative approval, and App Marketplace. | 32 policies: cld::policy::global::basic_portals::access, cld::policy::global::moderation_queue::access, cld::policy::global::ml::access... (see full list below) |
cld::role::prodenv::ml_user | Media Library User | Access specific folders and collections within the Media Library according to assigned permissions. | cld::policy::global::ml::access, cld::policy::global::marketplace:use, cld::policy::global::comments::delete |
cld::role::prodenv::reports | Reports | Access product environment reports, including delivery and error reports, transformation logs, and usage for all products. | 6 policies: cld::policy::global::reports::delivery::view, cld::policy::global::reports::errors::view, cld::policy::global::unnamed_transformations::view... (see full list below) |
cld::role::savedsearch::viewer | Viewer | bla bla 3 | cld::policy::saved_search::view::view_saved_search |
cld::role::prodenv::mediaflows_admin | Admin | Media flow product environment viewer | 57 policies: cld::policy::global::basic_portals::access, cld::policy::global::ml_preferences::manage, cld::policy::global::ml_dashboard::access... (see full list below) |
Master Admin - Full Policy List:
- cld::policy::global::basic_portals::access
- cld::policy::global::ml_preferences::manage
- cld::policy::global::ml_dashboard::access
- cld::policy::global::activity_reports::access
- cld::policy::global::structured_metadata::access
- cld::policy::global::moderation_queue::access
- cld::policy::global::ml::access
- cld::policy::global::asset_relation::create
- cld::policy::global::marketplace:manage
- cld::policy::global::marketplace:read
- cld::policy::global::smd:bulk_upload
- cld::policy::global::delivery_url::access
- cld::policy::global::portals::view
- cld::policy::global::ml_flourish_report::view
- cld::policy::global::marketplace:use
- cld::policy::global::comments::delete
- cld::policy::global::automation::access
- cld::policy::global::assets::moderate
- cld::policy::global::folder_and_asset_management::delete
- cld::policy::global::folder_and_asset_management::view
- cld::policy::global::folder_and_asset_management::public::download
- cld::policy::global::folder_and_asset_management::restricted::download
- cld::policy::global::folder_and_asset_management::create_folder
- cld::policy::global::folder_and_asset_management::create_asset
- cld::policy::global::folder_and_asset_management::update
- cld::policy::global::folder_and_asset_management::update_access_control
- cld::policy::global:::restore
- cld::policy::global::public_links::manage
- cld::policy::global::folders::share
- cld::policy::global::collections::create
- cld::policy::global::collections::view
- cld::policy::global::collections::update
- cld::policy::global::collections::invite
- cld::policy::global::dynamic_collections::manage
- cld::policy::global::api_keys::view
- cld::policy::global::api_keys::manage
- cld::policy::global::upload_presets::manage
- cld::policy::global::backup_settings::Manage
- cld::policy::global::optimization_settings::manage
- cld::policy::global::delivery_settings::manage
- cld::policy::global::webhook_notifications::view
- cld::policy::global::webhook_notifications::manage
- cld::policy::global::prodenv_security::manage
- cld::policy::global::reports::delivery::view
- cld::policy::global::reports::errors::view
- cld::policy::global::unnamed_transformations::view
- cld::policy::global::unnamed_transformations::manage
- cld::policy::global::named_transformations::view
- cld::policy::global::named_transformations::delete
- cld::policy::global::named_transformations::update
- cld::policy::global::named_transformations::create
- cld::policy::global::video::access
- cld::policy::global::video:video_analytics::view
- cld::policy::global::video:live_streams::manage
- cld::policy::global::video_player_profiles::manage
- cld::policy::global::media_flows::access
- cld::policy::global::media_flows::manage
Admin - Full Policy List:
- cld::policy::global::basic_portals::access
- cld::policy::global::structured_metadata::access
- cld::policy::global::moderation_queue::access
- cld::policy::global::ml::access
- cld::policy::global::asset_relation::create
- cld::policy::global::marketplace:manage
- cld::policy::global::marketplace:read
- cld::policy::global::smd:bulk_upload
- cld::policy::global::delivery_url::access
- cld::policy::global::portals::view
- cld::policy::global::ml_flourish_report::view
- cld::policy::global::marketplace:use
- cld::policy::global::comments::delete
- cld::policy::global::assets::moderate
- cld::policy::global::folder_and_asset_management::delete
- cld::policy::global::folder_and_asset_management::view
- cld::policy::global::folder_and_asset_management::public::download
- cld::policy::global::folder_and_asset_management::restricted::download
- cld::policy::global::folder_and_asset_management::create_folder
- cld::policy::global::folder_and_asset_management::create_asset
- cld::policy::global::folder_and_asset_management::update
- cld::policy::global::folder_and_asset_management::update_access_control
- cld::policy::global:::restore
- cld::policy::global::public_links::manage
- cld::policy::global::folders::share
- cld::policy::global::collections::create
- cld::policy::global::collections::view
- cld::policy::global::collections::update
- cld::policy::global::collections::invite
- cld::policy::global::dynamic_collections::manage
- cld::policy::global::api_keys::view
- cld::policy::global::api_keys::manage
- cld::policy::global::upload_presets::manage
- cld::policy::global::backup_settings::Manage
- cld::policy::global::optimization_settings::manage
- cld::policy::global::delivery_settings::manage
- cld::policy::global::webhook_notifications::view
- cld::policy::global::webhook_notifications::manage
- cld::policy::global::prodenv_security::manage
- cld::policy::global::reports::delivery::view
- cld::policy::global::reports::errors::view
- cld::policy::global::unnamed_transformations::view
- cld::policy::global::unnamed_transformations::manage
- cld::policy::global::named_transformations::view
- cld::policy::global::named_transformations::delete
- cld::policy::global::named_transformations::update
- cld::policy::global::named_transformations::create
- cld::policy::global::video::access
- cld::policy::global::video:video_analytics::view
- cld::policy::global::video:live_streams::manage
- cld::policy::global::video_player_profiles::manage
- cld::policy::global::media_flows::access
- cld::policy::global::media_flows::manage
Tech Admin - Full Policy List:
- cld::policy::global::basic_portals::access
- cld::policy::global::structured_metadata::access
- cld::policy::global::moderation_queue::access
- cld::policy::global::ml::access
- cld::policy::global::asset_relation::create
- cld::policy::global::marketplace:manage
- cld::policy::global::smd:bulk_upload
- cld::policy::global::delivery_url::access
- cld::policy::global::marketplace:use
- cld::policy::global::comments::delete
- cld::policy::global::assets::moderate
- cld::policy::global::folder_and_asset_management::delete
- cld::policy::global::folder_and_asset_management::view
- cld::policy::global::folder_and_asset_management::public::download
- cld::policy::global::folder_and_asset_management::restricted::download
- cld::policy::global::folder_and_asset_management::create_folder
- cld::policy::global::folder_and_asset_management::create_asset
- cld::policy::global::folder_and_asset_management::update
- cld::policy::global::folder_and_asset_management::update_access_control
- cld::policy::global:::restore
- cld::policy::global::public_links::manage
- cld::policy::global::folders::share
- cld::policy::global::collections::create
- cld::policy::global::collections::view
- cld::policy::global::collections::update
- cld::policy::global::collections::invite
- cld::policy::global::dynamic_collections::manage
- cld::policy::global::api_keys::view
- cld::policy::global::api_keys::manage
- cld::policy::global::upload_presets::manage
- cld::policy::global::backup_settings::Manage
- cld::policy::global::optimization_settings::manage
- cld::policy::global::delivery_settings::manage
- cld::policy::global::webhook_notifications::view
- cld::policy::global::webhook_notifications::manage
- cld::policy::global::prodenv_security::manage
- cld::policy::global::reports::delivery::view
- cld::policy::global::reports::errors::view
- cld::policy::global::unnamed_transformations::view
- cld::policy::global::unnamed_transformations::manage
- cld::policy::global::named_transformations::view
- cld::policy::global::named_transformations::delete
- cld::policy::global::named_transformations::update
- cld::policy::global::named_transformations::create
- cld::policy::global::video::access
- cld::policy::global::video:video_analytics::view
- cld::policy::global::video:live_streams::manage
- cld::policy::global::video_player_profiles::manage
Media Library Admin - Full Policy List:
- cld::policy::global::basic_portals::access
- cld::policy::global::moderation_queue::access
- cld::policy::global::ml::access
- cld::policy::global::asset_relation::create
- cld::policy::global::marketplace:manage
- cld::policy::global::smd:bulk_upload
- cld::policy::global::delivery_url::access
- cld::policy::global::marketplace:use
- cld::policy::global::comments::delete
- cld::policy::global::assets::moderate
- cld::policy::global::folder_and_asset_management::delete
- cld::policy::global::folder_and_asset_management::view
- cld::policy::global::folder_and_asset_management::public::download
- cld::policy::global::folder_and_asset_management::restricted::download
- cld::policy::global::folder_and_asset_management::create_folder
- cld::policy::global::folder_and_asset_management::create_asset
- cld::policy::global::folder_and_asset_management::update
- cld::policy::global::folder_and_asset_management::update_access_control
- cld::policy::global:::restore
- cld::policy::global::public_links::manage
- cld::policy::global::folders::share
- cld::policy::global::collections::create
- cld::policy::global::collections::view
- cld::policy::global::collections::update
- cld::policy::global::collections::invite
- cld::policy::global::dynamic_collections::manage
- cld::policy::global::unnamed_transformations::view
- cld::policy::global::unnamed_transformations::manage
- cld::policy::global::named_transformations::view
- cld::policy::global::named_transformations::delete
- cld::policy::global::named_transformations::update
- cld::policy::global::named_transformations::create
Reports - Full Policy List:
- cld::policy::global::reports::delivery::view
- cld::policy::global::reports::errors::view
- cld::policy::global::unnamed_transformations::view
- cld::policy::global::video::access
- cld::policy::global::video:video_analytics::view
- cld::policy::global::media_flows::access
Admin - Full Policy List:
- cld::policy::global::basic_portals::access
- cld::policy::global::ml_preferences::manage
- cld::policy::global::ml_dashboard::access
- cld::policy::global::activity_reports::access
- cld::policy::global::structured_metadata::access
- cld::policy::global::moderation_queue::access
- cld::policy::global::ml::access
- cld::policy::global::asset_relation::create
- cld::policy::global::marketplace:manage
- cld::policy::global::marketplace:read
- cld::policy::global::smd:bulk_upload
- cld::policy::global::delivery_url::access
- cld::policy::global::portals::view
- cld::policy::global::ml_flourish_report::view
- cld::policy::global::marketplace:use
- cld::policy::global::comments::delete
- cld::policy::global::automation::access
- cld::policy::global::assets::moderate
- cld::policy::global::folder_and_asset_management::delete
- cld::policy::global::folder_and_asset_management::view
- cld::policy::global::folder_and_asset_management::public::download
- cld::policy::global::folder_and_asset_management::restricted::download
- cld::policy::global::folder_and_asset_management::create_folder
- cld::policy::global::folder_and_asset_management::create_asset
- cld::policy::global::folder_and_asset_management::update
- cld::policy::global::folder_and_asset_management::update_access_control
- cld::policy::global:::restore
- cld::policy::global::public_links::manage
- cld::policy::global::folders::share
- cld::policy::global::collections::create
- cld::policy::global::collections::view
- cld::policy::global::collections::update
- cld::policy::global::collections::invite
- cld::policy::global::dynamic_collections::manage
- cld::policy::global::api_keys::view
- cld::policy::global::api_keys::manage
- cld::policy::global::upload_presets::manage
- cld::policy::global::backup_settings::Manage
- cld::policy::global::optimization_settings::manage
- cld::policy::global::delivery_settings::manage
- cld::policy::global::webhook_notifications::view
- cld::policy::global::webhook_notifications::manage
- cld::policy::global::prodenv_security::manage
- cld::policy::global::reports::delivery::view
- cld::policy::global::reports::errors::view
- cld::policy::global::unnamed_transformations::view
- cld::policy::global::unnamed_transformations::manage
- cld::policy::global::named_transformations::view
- cld::policy::global::named_transformations::delete
- cld::policy::global::named_transformations::update
- cld::policy::global::named_transformations::create
- cld::policy::global::video::access
- cld::policy::global::video:video_analytics::view
- cld::policy::global::video:live_streams::manage
- cld::policy::global::video_player_profiles::manage
- cld::policy::global::media_flows::access
- cld::policy::global::media_flows::manage
Folder roles
Role ID | Role Name | Description | System Policy Ids |
---|---|---|---|
cld::role::folder::manager | Manager | All Editor permissions, plus full control over folder contents, including asset access control and public links, as well as folder sharing and access management. | 16 policies: cld::policy::content::folder::view_download, cld::policy::content::folder::download_public_assets, cld::policy::content::folder::download_restricted_assets... (see full list below) |
cld::role::folder::contributor | Contributor | All Viewer permissions, plus contribute new content by uploading, saving as new, creating subfolders, and moving assets in. | cld::policy::content::folder::view_download, cld::policy::content::folder::download_public_assets, cld::policy::content::folder::add_assets, cld::policy::content::folder::create_subfolders |
cld::role::folder::viewer | Viewer | View the folder and its contents for browsing or downloading assets. | cld::policy::content::folder::view_download, cld::policy::content::folder::download_public_assets |
cld::role::folder::editor | Editor | All Contributor permissions, plus edit content, including restoring versions, updating metadata and tags, and renaming assets and subfolders. | 7 policies: cld::policy::content::folder::view_download, cld::policy::content::folder::download_public_assets, cld::policy::content::folder::add_assets... (see full list below) |
Manager - Full Policy List:
- cld::policy::content::folder::view_download
- cld::policy::content::folder::download_public_assets
- cld::policy::content::folder::download_restricted_assets
- cld::policy::content::folder::add_assets
- cld::policy::content::folder::create_subfolders
- cld::policy::content::folder::update_assets
- cld::policy::content::folder::rename_subfolders
- cld::policy::content::folder::rename_assets
- cld::policy::content::folder::delete_assets
- cld::policy::content::folder::move_assets
- cld::policy::content::folder::delete
- cld::policy::content::folder::rename
- cld::policy::content::folder::move
- cld::policy::content::folder::manage_public_link
- cld::policy::content::folder::edit_access_control
- cld::policy::content::folder::invite
Editor - Full Policy List:
- cld::policy::content::folder::view_download
- cld::policy::content::folder::download_public_assets
- cld::policy::content::folder::add_assets
- cld::policy::content::folder::create_subfolders
- cld::policy::content::folder::update_assets
- cld::policy::content::folder::rename_subfolders
- cld::policy::content::folder::rename_assets
Collection roles
Role ID | Role Name | Description | System Policy Ids |
---|---|---|---|
cld::role::collection::manager | Manager | All Distributor permissions, plus manage the collection, including removing assets, deleting the collection, updating details, and managing public links. | 9 policies: cld::policy::content::collection::view, cld::policy::content::collection::download_public_assets, cld::policy::content::collection::download_restricted_assets... (see full list below) |
cld::role::collection::collaborator | Collaborator | All Viewer permissions, plus add assets to the collection. | cld::policy::content::collection::view, cld::policy::content::collection::download_public_assets, cld::policy::content::collection::add_assets, cld::policy::content::collection::update |
cld::role::collection::distributor | Distributor | All Collaborator permissions, plus share the collection with others in the organization. | cld::policy::content::collection::view, cld::policy::content::collection::download_public_assets, cld::policy::content::collection::mange_public_link, cld::policy::content::collection::invite |
cld::role::collection::viewer | Viewer | View and download assets in the collection. | cld::policy::content::collection::view, cld::policy::content::collection::download_public_assets |
Manager - Full Policy List:
- cld::policy::content::collection::view
- cld::policy::content::collection::download_public_assets
- cld::policy::content::collection::download_restricted_assets
- cld::policy::content::collection::add_assets
- cld::policy::content::collection::remove_assets
- cld::policy::content::collection::update
- cld::policy::content::collection::delete
- cld::policy::content::collection::mange_public_link
- cld::policy::content::collection::invite