Media Access Control
Media access control is an important feature in media handling to avoid
security vulnerabilities such as confidential media items connected to a
business object being visible to other users as well.
Media access control is an optional feature and is handled by access checks. The access checks can be
enabled or disabled for media items using the ACCESS_CHECKS
property for MediaItem LU in Object Properties
page. If the property value is set as TRUE, access checks are enabled and if
the property value is set as FALSE, access checks are disabled. This is a
Restricted = True setting where only an administrator can
edit the property. Access checks are only applicable for Private
media items.
When the access checks are enabled;
- Private media items are only accessible by the creator of the media
item and system administrators. If a media item is connected to a
business object, the users who have access to the business object also
get access to the media item.
- Non-private ("public") media items are accessible by anyone.
- Only the creator or a system administrator can modify the private
attribute of a media item.
- Only the creator or a system administrator can connect a private media
item to a business object.
- Anyone can connect any non-private media item to a business object.
When the access checks are disabled;
- Both private and non-private media items are accessible by
anyone.
- Anyone can modify the private attribute of a media item.
- Anyone can connect any private or non-private media item to a
business object.