Skip to content

Users And Roles

Erizos Studio uses a role-based access control system to manage user permissions. This allows administrators to define what users can see and do within the Studio, ensuring proper access control for different team members.

Key Benefits:

  • Secure access control for broadcast operations
  • Separation of duties between designers, operators, and administrators
  • Multi-location and multi-project support via folder permissions
  • Flexible role assignment — users can have multiple roles

Managing Roles and Users

Accessing User Manager

  1. Log in to Erizos Studio with the default administrator credentials:
    Username: admin | Password: admin
  2. Go to the Admin section.
  3. In the left sidebar menu, click User Manager.

Warning

Change the default admin password after initial setup for security.

User Manager - Users

There you'll see the list of users existing in the Studio, and the Roles — the scope of the permission sets granted to specific users.

By clicking on a user in the list, a table with permissions Allowed for that specific user will appear next to it.

Note

Only users with the Admin role can see and switch the radio button to All Permissions and grant new roles to users.

Users Tab Interface

User Manager - Users tab interface

  1. Within the Users tab you can switch the All / Studio / MOS user lists:

    • All — contains users from both Studio and MOS tabs
    • Studio — lists users manually created by the admin
    • MOS — lists users automatically created by the MOS plugin

  2. The list of the users.

  3. Edit User:

    User Manager - Edit User

    • In the Users tab, locate the user
    • Press the Edit button or right-click on the user and select Edit
    • Username is not editable
    • Edit the name if needed
    • In the Roles field:
      • To add roles — select from the dropdown
      • To remove roles — click the X next to the role name
    • Click Save

    Note

    Permission changes don't take effect immediately. Users need to log out and back in.

    Warning

    The Administrator role cannot be recalled.

  4. Delete User. Note that deleting an Admin is not possible.

  5. Reset Settings to Default: firstly select the user and then press Reset Settings, which will reset the Studio settings to the default ones.

  6. Add User:

    User Manager - Add User

    • Click the + button
    • Fill in user details:
      • User Name: login username (cannot be changed later)
      • Name: display name
      • Roles: select one or more roles from the dropdown
      • New Password: set user password
      • Confirm Password: repeat password
    • Click Save

    Multiple Roles

    A user can have multiple roles — select all the needed roles from the dropdown.

  7. Filter helps you to find the user using the keywords.

  8. Allowed: the permissions set granted to the user.
    All Permissions: all available permissions; only users with the Administrator role can view and configure these.

  9. Columns with the permission set for the exact role.

    Note

    The first column is the User-Specific permissions set — it allows granting or recalling permissions for an individual user without modifying the role's defined permission set.

  10. Click to add the folder-specific permissions: grant access to specific folders created in the Studio.

  11. Filter the permissions by the keywords.

Roles Tab Interface

A role is a named set of permissions that defines what a user assigned that role can do.

User Manager - Roles tab interface

  1. List of the default and created roles. The default roles are: administrator, studio, editor, nrcs.

  2. Delete role.

    Note

    Default roles cannot be deleted.

  3. Add a new role:

    • Click the + button in the toolbar
    • Enter a role name (e.g., Designer, Producer, Operator)
    • Configure permissions by ticking the checkboxes:
      • Expand Global to see Apps and other categories
      • Check permissions for Apps: Studio, UIBuilder, Remote, Branding, Admin
      • Check permissions for Shows, Playlists, Templates, Pages, Profiles, Engines
      • Check the folder permissions for multi-location setups
    • Click Save All

  4. Filter roles using the keywords.

  5. Allowed: permissions allowed for that role — this is a read-only tab.
    All Permissions: permissions you may grant or recall; only users with the Administrator role can do this.

  6. Role's permissions: tick the checkboxes to grant or recall the permission.
    Press the Save button under the role's name or the Save All button in the bottom right corner after configuring the permissions.

  7. Click to add the folder-specific permissions: grant access to specific folders created in the Studio.

  8. Filter the permissions by the keywords.

Folder-Specific Permissions

Folder permissions allow you to choose the folder to which the permissions apply. This is useful for multi-location broadcast facilities or organizations managing multiple channels.

Use Cases

  • Geographic separation: New York studio vs. Los Angeles studio
  • Department isolation: News department vs. Sports department
  • Multi-client environments: Separate access for different broadcast channels

Creating Folder Permissions

  1. In the Roles tab, click on the role you want to apply to a specific folder.
  2. Click the + button under the Allowed / All Permissions toolbar.
  3. Enter a folder path (e.g., /NYC, /Sports, /Channel1) or choose from the Folders dropdown by clicking the input field.
  4. The permissions of the selected role will be applied to the chosen folder.
  5. Click Save All.

User Manager - Creating Folder Permissions

Example: An operator with a role containing the folder-specific permission /NYC can only access shows, playlists, and pages tagged with the NYC folder. Content from /LA will be hidden from this user.

Best Practices

  • Change default credentials — update the default admin username and password immediately after installation
  • Follow least privilege principle — grant users only the permissions they need to perform their job
  • Use descriptive role names — name roles based on job function (e.g., Evening News Operator)
  • Test before deployment — create test users with new roles and verify permissions before assigning to production staff
  • Use folder permissions for isolation — if managing multiple studios or departments, use folder permissions to prevent accidental cross-contamination of content

Default Roles

Tip

Start with one of the standard roles (Administrator, Operator, Designer, NRCS) and modify permissions as needed for your workflow.

User Manager includes four standard roles designed for typical broadcast workflows:

Administrator

Purpose: Full system control and user management.

Use Case: IT administrators, system managers, and technical staff who need complete access to configure Studio, manage users, and control all broadcast operations.

Access Level: Complete access to all applications, content, and administrative functions.

Operator

Purpose: Operate broadcast graphics during live shows.

Use Case: Playout operators, graphics operators, and production staff who control graphics output during live broadcasts. They can access Studio, manage shows and playlists, create and edit pages, and control broadcast profiles.

Access Level: Operational control over broadcast content and graphics playout. Cannot manage templates, engines, or administrative settings.

Designer

Purpose: Create and manage graphics templates and content.

Use Case: Broadcast designers, motion graphics artists, and creative staff who build graphics templates in external tools (Unreal Engine, Ograf, etc.) and import them into Studio. They have full access to UI Builder, templates, pages, engines, and can manage shows and playlists.

Access Level: Full creative control over graphics content, templates, and pages. Can configure render engines and manage broadcast profiles.

NRCS

Purpose: Integration with newsroom systems via MOS protocol.

Use Case: Automated newsroom systems that need to read show information, change active shows, create/update pages, and preview graphics. This role is typically assigned to MOS integration accounts, not individual users.

Access Level: Read access to shows, ability to change shows, create/update/delete pages, and preview graphics. Limited to operations needed for newsroom automation.