Users: Difference between revisions
Line 118: | Line 118: | ||
In this way, it is possible to hide some files from ''all users'', so be a bit careful. If the files in question are assigned to ''only'' a particular user, and that user has a filter in '''Files to Show''' that prevents them from seeing those files, then no one but the ''Administrator'' would be able to see the files. |
In this way, it is possible to hide some files from ''all users'', so be a bit careful. If the files in question are assigned to ''only'' a particular user, and that user has a filter in '''Files to Show''' that prevents them from seeing those files, then no one but the ''Administrator'' would be able to see the files. |
||
Also, note that the Edit Current User dialog box is not, itself, password protected. So there is nothing to stop a determined teenager from opening the same dialog box back up and removing the filter. As [[Users#Security_and_Scope|referenced above]], this feature is designed for convenience, not security. If you need to keep files on your filesystem secret, you should encrypt them on a [ |
Also, note that the Edit Current User dialog box is not, itself, password protected. So there is nothing to stop a determined teenager from opening the same dialog box back up and removing the filter. As [[Users#Security_and_Scope|referenced above]], this feature is designed for convenience, not security. If you need to keep files on your filesystem secret, you should encrypt them on a [https://veracrypt.codeplex.com/ VeraCrypt volume]. |
||
==== Advanced Files to Show Searches ==== |
==== Advanced Files to Show Searches ==== |
Revision as of 00:31, 30 November 2015
MC19 adds user accounts to the library. User accounts allow you to control which users see what content in your library. User accounts can optionally be password protected. The User system replaces Access Control from earlier versions.
The accounts are part of the library. The user accounts are included as part of a library backup, and any connected clients will have access to the same accounts as the server.
Security and Scope
User accounts change what files are shown in the library. However, they have no impact on a file's actual availability at the operating system level.
None of this restricts access to the filesystem in any way. So, users can still access all of the source media files via Windows Explorer. MC will refuse to play a file if opened (even from Windows Explorer) by a user without permissions for the file. But no other application will respect this restriction. Also, if you've created a user restriction via the Files to Show field in the Add User dialog, there is nothing to stop this user from simply re-opening the dialog and removing the filter.
Passwords for the users are stored encrypted, but a clever person with a hex editor could remove the user accounts completely from the library.
The purpose of the feature is not about security. It is about hiding "noise" from users who don't need to see it (or shouldn't have it shoved in their faces). It is, as Matt put it originally, that:
The possibilities here are pretty endless, but our goals for MC19 are modest. I want a simple way to not see Curious George when I sit down at the couch. We're not trying to make everything in MC fully multi-user.
Adding Users
1. Add a new user via View > User > Add User
2. Give the user a name, and a password if you want.
Repeat the above to create additional users. You can add any number of users. For each user, you can optionally specify search criteria in order to hide items from that user (detailed below).
Choosing the Active User
Switch users in Standard View using the View > User menu item.
In Theater View, the User name will be shown in the Top Roller of your Views, and you can navigate to it and then choose the user you want to use.
If the user has a password, you will be prompted for it:
Media Network Users
If you are using Media Network features, any connected clients (whether connected copies of MC, JRemote, Gizmo, or whatever) will "open as" whichever User is currently active on the server when first launched. In other words, whichever User happened to have been "last used", on the server, becomes is the "network client user setting". So, if you want to keep a default of a particular one of your users (the Everyday one, for example) then you'll want to make sure to leave the server set on the Everyday user when you're done using it.
In connected copies of Media Center, however (the HTPC in the Living Room, for example) you are able to switch the active user to any of the other options (using the above explained methods). But when you close and re-open the client copy, it will revert back to whatever is currently active on the server. Access to this ability to switch users depends on support in the client (it is not currently supported in JRemote), and if not supported, you will be restricted to the user set on the Server.
So what will often work best is if you have exactly this: An Everyday user (with no password) that you use regularly, and leave the Server set on (if using those features). And then you add a password to the Administrator account, and any other users you want restricted for some reason.
Automation
MC includes a MCC_SET_USER Core Command (22028) that can be used from the command line and from within scripts to switch select a specified user automatically.
To use this command, you can use the MC launcher from the command line with something like:
MC<version>.exe /MCC 22028,<nUserId>
To locate the nUserId for each user you've added to your system, open the user.jmd file in your Library in a text editor, and locate the UD for the user you'd like to use:
<XMLPH version="1.0"> <Item Name="WriteAccess">1</Item> <Item Name="ID">0</Item> <Item Name="VisibleFilesSearch"/> <Item Name="Password"></Item> <Item Name="DisplayName">Administrator</Item> </XMLPH><XMLPH version="1.0"> <Item Name="WriteAccess">1</Item> <Item Name="ID">1003</Item> <Item Name="VisibleFilesSearch">-[Media Sub Type]=[Adult]</Item> <Item Name="Password"></Item> <Item Name="DisplayName">Everyday</Item>
DO NOT MODIFY THIS FILE (doing so will damage the Library).
So, to switch to my Everyday user from the example above, using MC20, I'd use:
mc20.exe /MCC 22028,1003
Restrict Files or Users
The special Administrator account (which cannot be removed) will always see all files. For regular users, by default, all files will also be visible (so part of the "common shared library"). You have two ways to "restrict" access to files:
- the [User] Field for each file
- the Files to Show field available when you create a new user, or
User Field Restrictions
To restrict a file or files by the [User] field, add the username of the user that should see the files to the special [User] field. You can do this from the Tag Action Window (choose Also Show > User if needed). Then, only that user (and the Administrator) will see those files. In effect, you are "assigning" those files to that particular user.
So, for any files you want to be seen only by your kids, you'd pick their account in the [User] drop-down list. And, for yours, pick your account. If you messed them up, use the Administrator account to find them and fix them. All other files where this [User] field is blank (so, every file before you start this mission) will be shown to all users and part of the common library.
More than one user can own a particular file. If you assign two users to the same file (or files) then they will be able to see the files, but other users won't.
Files to Show User Restrictions
If instead of assigning files to a particular user, you want to restrict what that user can see in the library, you can add a Search Expression to the Files to Show box in the Edit User dialog (shown above). This will be applied in addition to whatever restrictions are applied by tagging individual files with a [User] tag. This method is probably best reserved for intermediately experienced users, but it can be handy when you want to restrict a particular user from certain categories of content.
As an example, if I added the following search to my "Snuggle Bunny" user above:
[Media Sub Type]=Adult
It would change the whole meaning of the pet name, and that user would see only things marked as adult (everywhere else in my Library would be blank). To do the reverse, for a child's account, for example, you use this instead:
-[Media Sub Type]=Adult
The upside to using the Files to Show restriction is that it doesn't block those files from other users inside MC (they remain within the "common user library"). And, it allows you to restrict files in a variety of categories from certain users "automatically" as you simply tag your files as you normally would anyway. With the User field method, you have to explicitly assign individual files to a particular user (and then only that user can see the files).
As a warning, these two items can exclude one another. So, using my example above where I assigned ABBA to the Kids and Snuggle Bunny users. If the Kids user has a search like the one above, and ABBA was classified as [Media Sub Type] == Adult, then the Kids still wouldn't see the files even if you (perhaps accidentally) assigned those files to them.
In this way, it is possible to hide some files from all users, so be a bit careful. If the files in question are assigned to only a particular user, and that user has a filter in Files to Show that prevents them from seeing those files, then no one but the Administrator would be able to see the files.
Also, note that the Edit Current User dialog box is not, itself, password protected. So there is nothing to stop a determined teenager from opening the same dialog box back up and removing the filter. As referenced above, this feature is designed for convenience, not security. If you need to keep files on your filesystem secret, you should encrypt them on a VeraCrypt volume.
Advanced Files to Show Searches
You can use this feature to create a wide variety of powerful searches in order to restrict files from particular users. However, remember that you don't need to construct these by hand. The simplest way to make a search is to make a Smartlist, and use that as your template. The Smartlist will show whatever files the user will see (when viewed from the Administrator's account).
To create a user called Everyday that hides files from a variety of categories, you could use a search like:
-[Media Sub Type]=[Adult],[Home Video],[Karaoke],[System],[Test Clip] -[Genre]=[Child],[Holiday]
For a Kids user, you could use a Files to Show setting of:
-[Media Sub Type]=[Adult],[Karaoke],[System],[Test Clip] [Genre]=[Child],[Family],[Kids]
You can use the full power of MC's Search Rules to construct pretty much any combination of filters you can dream up. For further information, please see the Smartlist and Search - Rules and Modifiers page.
Automatically Assigning a User At Import
If you want files from certain directories (or with certain other characteristics) to be automatically assigned to a particular user when new files are imported, you can use the Tag on Import feature of Auto-Import to automatically accomplish this task.
If you only want to assign all files imported in a particular watched directory to a particular user, this is simple.
- Open up the Auto-Import settings
- Edit the entry for the particular watched folder for which you'd like to add the tag
- Add the following Custom Rule to the Apply these Tags section:
Field: User Value: <Username>
However, it will often be convenient to use searches on the path of the files within a "larger" watched directory to automatically assign the user depending on the specific file path. Rules that use expressions are often useful to automatically assign tags to files when you have Auto-Import set up to watch an entire directory tree, and files within these can be identified by their subdirectory.
For example, if you have the entire C:\Users\ directory watched, so that all files of all users get picked up by MC. To assign files to the user "Snuggle Bunny" you'd add this rule:
Rule Field: User Value: If(IsEqual([Filename],Users\snugglebunny\Music,8),Snuggle Bunny,[User])
And, for yourself, you'd add:
Rule Field: User Value: If(IsEqual([Filename],Users\ABBAlvr78\Music,8),ABBAlvr78,[User])
Substituting your own usernames, of course.