ACLs and Permissions Management¶
NVIDIA Omniverse™ allow restricting content access via its Permissions feature. Permissions are ACLs - or Access Control Lists.
ACLs can be used to make a project directory be accessible only to the team working on it and enable a user can protect his/her files from being changed by other users - but still be visible/readable to those users.
There are 4 different levels of access: no access, read, write, and owner. These can be applied to both folders and files.
Can see and read
Can create, modify, and delete
Can change permissions
Permissions are inherited/recursive; meaning, if a file does not have an ACL specified for the user trying to access it the system will look to the parent directory structure until an ACL is defined - and then resolve the access right.
Many users can be combined into groups by administrators (see Grant Admin Access).
For larger teams it is easier to manage permissions by using groups rather than individual users. As team memberships change over time the groups can be edited to reflect this change, thereby modifying access to directory items with set permissions.
See User Groups for more on how user groups can be managed.
A user can be part of many user groups. A directory item can have many different groups represented in its permissions - and individual users. Some of these permissions could grant more access than others.
The system will evaluate all ACLs and select the most permissive ACL for a given user.
For example, user Jane is part of the “Content Creators” and the “Review” user groups. “Content Creators” have write access while the “Review” group only have read access. Jane will have write access because that is the most permissive ACL.
All administrators on the server - and any user that has the Owner ACL for a given directory item - can modify permissions.
Select a directory or a file and click the Permissions tab in the detail panel.
To add a permission, start typing the name of a user or a user group in the Assign user/group field. Select an item from the list and click the plus/add icon.
Edit the access level by selecting between R (Read), W (Write), or O (Owner). If no checkboxes are selected then a “No Access” ACL is applied.
Remove a user/group by clicking the remove icon next to the item in the “Assigned users/groups” list.
The above example will permit the “admin” and “gm” group Owner access. “My Team” users will have Write access. All other users will have No Access ACL.