Media Access Control
Media access control is an important feature in media handling to avoid security vulnerabilities such as
confidential media items connected to a business object being visible to other users as well.
Media access control is an optional feature and is handled by access checks. The access checks can be enabled or
disabled for media items using the ACCESS_CHECKS property for MediaItem LU in
Object Properties page. If the property value is set as TRUE, access checks are enabled
and if the property value is set as FALSE, access checks are disabled. This is a Restricted = True
setting where only an administrator can edit the property. Access checks are only applicable for
Private media items.
When the access checks are enabled;
- Private media items are only accessible by the creator of the media item and system administrators. If a
media item is connected to a business object, the users who have access to the business object also get access to
the media item.
- Non-private ("public") media items are accessible by anyone.
- Only the creator or a system administrator can modify the private attribute of a media item.
- Only the creator or a system administrator can connect a private media item to a business object.
- Anyone can connect any non-private media item to a business object.
When the access checks are disabled;
- Both private and non-private media items are accessible by anyone.
- Anyone can modify the private attribute of a media item.
- Anyone can connect any private or non-private media item to a business object.