Appcenter operations and media access security, Ftp and media access security, K2 sans and media access security – Grass Valley K2 System Guide v.9.0 User Manual

5. Add users and groups to the access control list and set permissions as follows:

a) Click

Add

. The Select Users or Groups dialog box opens. This is the standard Windows

operating system interface to users and groups, so you can use standard Windows procedures.
In the “Enter the object names…” box, you can enter the users or groups for which you want
to set permissions, then click

OK

.

b) In the Permission settings dialog box, select a user or group and then set permissions as

desired.

6. Click

Apply

,

OK

, and

Close

to save settings and close dialog boxes.

AppCenter operations and media access security

AppCenter uses the credential information for the current AppCenter logon and checks it against
the access control list for a K2 bin. This is the access control list that you set up through the Organize
Bins dialog box in AppCenter. In this way, AppCenter determines whether to allow or deny operations
on media in a K2 bin.

Once permissions are granted based on the current logon account, those permissions remain in place
until that account logs off of AppCenter.

FTP and media access security

The following systems host the K2 FTP interface:

•

A stand-alone K2 system.

•

A K2 Media Server that takes the role of FTP server

The way in which the K2 FTP interface applies media access security is explained in this section.

The K2 FTP interface uses the credential information for the current FTP session logon and checks
it against the access control list for a K2 bin. This is the access control list that you set up through
the Organize Bins dialog box in AppCenter. Any media access related operations such as

get

,

put

,

dir

,

rename

and

delete

are checked against the FTP session’s logon credentials to access the

media. For example, if an FTP session is denied access to List Bin Contents for bin A, then the
session can not initiate a

dir

operation on bin A to list the contents of the bin. Furthermore, the

session can not transfer clips into bin A using the

put

operation.

For the purpose of compatibility FTP access conventions, accounts for user

movie

or user

mxfmovie

are provided on the K2 system. There is also a

video_fs

account for Mac/FCP access. These

accounts are automatically set up when you install K2 software version 3.2 or higher. Do not restrict
access for these accounts. If your security policy requires restricting access to these accounts, contact
Grass Valley Support.

On a K2 SAN, authentication takes place on the K2 Media Server. Setting up FTP security for
specific local users and groups is not supported on a K2 SAN, with the exception of the local

movie

and

mxfmovie

accounts. However, you can set up FTP security for domain users and groups.

K2 SANs and media access security

This section applies to media access security, not FTP security. Refer to the preceding section for
information about FTP security.

06 November 2012

K2 System Guide

179

Administering and maintaining the K2 system