Customer Story

How snaatch uses Space Blocks for hierarchical permissions management

The Digital Asset Management system snaatch manages their fine-grained, hierarchical permissions structure with Space Blocks. Here is how.
6 min to read

The Digital Asset Management (DAM) snaatch is a powerful, web-based solution for creators and agencies, to archive, organize and share digital content effectively. A key feature of snaatch is collaboration, in which users can share files, folders or spaces privately with other users or publicly with shared links. snaatch chooses Space Blocks to offload handle permission management for them.

Challenges

The requirements for permissions in snaatch are complex, users from across company departments can be granted permissions to an entire tenant, or just a single file. Each of these roles requires a different set of feature restrictions like read-only access, being able to download or not, allowing to edit metadata, upload files or the allowance to curate files into shared spaces.

Additionally, permissions in snaatch can be inherited, meaning read permissions on a folder automatically grants read permissions on all containing files.

Digital Asset Management systems inherently handle bulk uploads, movements, and archiving of files, necessitating swift system reactions to promptly update permissions in response to these dynamic changes. So storing the permissions, together with the resources in the database and updating them dynamically, was not an option.

The challenges can be summarized as follows:

  • Different hierarchical levels, on which permissions can be granted (Tenant, Workspace, Folder or File)
  • Permissions can be inherited
  • Many fine granular access rights for each level
  • Assign permissions to single users and user groups
  • Ability to let users create custom roles for their tenants
  • Frequent changes in files and their stored location

The solution: Permissions as a Service

The snaatch team uses Space Blocks Permissions, to address all of the above challenges with a few API calls.

Permissions structure

Mirroring the hierarchical tree structure of the application in the Space Blocks Developer Portal and adding the available permissions to each level formed the foundation of snaatch’s permissions management journey.

Mapping our file structure to the Space Blocks Portal and seeing it visualized there, also helped us to gain overview of our own application, so that we copied the Permissions Tree to our internal documentation!

- snaatch Developer team

Besides defining the resources and their permission, the snaatch team also used the Developer Portal to define their permission inheritance and to select those permissions, that allow users to invite others or manage users.

Simplified screenshot of the snaatch permission structure
Simplified screenshot of the snaatch permission structure

Once the structure and permissions were set, it was time to define the roles. In snaatch, there is only one built-in role, the Administrator, which is available in every tenant. All other roles are custom roles and can be defined by the users within a snaatch tenant. Space Blocks Permissions supports both, defining built-in roles and adding custom roles manually by the users.

Technical implementation

Whenever a user opens the snaatch App, the snaatch Backend checks for Space Blocks, which Spaces and Folders this user is allowed to see, before querying the database and displaying the results to that user. For this, the List resources with permissions flow is used.  A similar check happens, when a user tries to open a file from a direct link. For this, the Check permissions flow does the job.

For sharing files, folders or spaces to users or groups by the Assign roles flows, the snaatch Frontend communicates directly with Space Blocks without taking the detour via snaatch’s Backend. The same direct connection is used, when the snaatch Frontend decides, whether to show a certain UI element to the current user based on their permissions via the List permissions flow. Communicating with Space Blocks directly from the Frontend, spares the Backend from unnecessary traffic and increases Frontend performance.

Conclusion

In their launch phase, snaatch faced the challenge of a tight budget and a looming deadline. To streamline their development process and meet their time-to-market goals, they completely offloaded the complexity of permission management to Space Blocks. This allowed their developers to focus on the core product while relying on Space Blocks to handle the intricate permission requirements.

By doing so, snaatch was able to bring their product to market quickly and efficiently, ensuring that they did not miss their short timelines. 🤝

At this place, we want to thank the amazing team at snaatch once more for their early trust and the great collaboration and feedback. Thank you, from the bottom of our hearts, for going this route together with us! ❤️