ACLs and Permissions Management¶

NVIDIA Omniverse™ allow restricting content access via its Permissions feature. Permissions are ACLs - or Access Control Lists.

ACLs can be used to make a project directory be accessible only to the team working on it and enable a user can protect his/her files from being changed by other users - but still be visible/readable to those users.

Features¶

Access Levels¶

There are 4 different levels of access: no access, read, write, and owner. These can be applied to both folders and files.

Access Level

Can see and read

Can create, modify, and delete

Can change permissions

No Access

No

No

No

Read (R)

Yes

No

No

Write (W)

Yes

Yes

No

Owner (O)

Yes

Yes

Yes

Inheritance¶

Permissions are inherited/recursive; meaning, if a file does not have an ACL specified for the user trying to access it the system will look to the parent directory structure until an ACL is defined - and then resolve the access right.

User Groups¶

Many users can be combined into groups by administrators (see Grant Admin Access).

For larger teams it is easier to manage permissions by using groups rather than individual users. As team memberships change over time the groups can be edited to reflect this change, thereby modifying access to directory items with set permissions.

See User Groups for more on how user groups can be managed.

Multi-ACL Evaluation¶

A user can be part of many user groups. A directory item can have many different groups represented in its permissions - and individual users. Some of these permissions could grant more access than others.

The system will evaluate all ACLs and select the most permissive ACL for a given user.

For example, user Jane is part of the “Content Creators” and the “Review” user groups. “Content Creators” have write access while the “Review” group only have read access. Jane will have write access because that is the most permissive ACL.

Assign Permissions¶

All administrators on the server - and any user that has the Owner ACL for a given directory item - can modify permissions.

Select a directory or a file and click the Permissions tab in the detail panel.
To add a permission, start typing the name of a user or a user group in the Assign user/group field. Select an item from the list and click the plus/add icon.
Edit the access level by selecting between R (Read), W (Write), or O (Owner). If no checkboxes are selected then a “No Access” ACL is applied.
Remove a user/group by clicking the remove icon next to the item in the “Assigned users/groups” list.

The above example will permit the “admin” and “gm” group Owner access. “My Team” users will have Write access. All other users will have No Access ACL.