...
This page describes the BSN.Cloud permissions system and how to use the default system roles. By default, you will see only six predefined system roles with fixed permissions that you cannot edit. A separate Custom Roles page describes how to create additional roles with custom permissions.
A selected role's or user's access to execute a business operation under an entity may be in one of the following states:
Permission Types
A permission for a specific principal, entity, or business operation that is editable.
For example, you created a custom Content Managers role and granted an allowing/denying permission to execute just the Content - View Content business operation under the selected Media File. Such a permission is displayed with an enabled/disabled, active, colored toggle switch and a "remove" button.
A permission for a specific principal, entity, or parent business operation that is editable.
For example, you created a custom Content Managers role and granted an allowing/denying permission to execute the Content (Full Control) business operation under the selected Media File. In this case, the permission to execute the Content - View Content business operation is inherited from Content (Full Control) and is displayed with an enabled/disabled, active, colored toggle switch but without the "remove" button.
...
Permission is defined for this specific principal and a parent entity, and is editable.
For example, you created a custom Content Managers role and granted an allowing/denying permission to execute any business operation under any new content folder. In this case, the permissions to execute all business operations under all content folders and media files down the hierarchy are inherited from the parent content folder and are displayed with an enabled/disabled, active but grey toggle switch without the "remove" button.
Permission is defined for the parent principal and is editable.
For example, you created a custom Content Managers role and granted an allowing/denying permission to execute any business operation under any new content folder or media file. Then you assign a new user to this role and view his permissions. In this case, the permissions to execute all business operations under all content folders (except for his personal folder) and media files are inherited from his role and are displayed with an enabled/disabled, active but grey toggle switch without the "remove" button, the same as in the previous case.
Permission is defined for this or a parent principal, this or a parent business operation, and this or a parent entity, and is not editable (it has the '[bool] IsFixed' flag set). These are permissions defined for System Roles, Personal Folders, Special Groups, etc. They must be displayed with an enabled/disabled but inactive and grey toggle switch without the "remove" button. I think the mouse cursor should also change to a denying icon when it is over the toggle switch.
Permission is defined neither for this nor for a parent principal, neither for this nor for a parent business operation, and neither for this nor for a parent entity. This is possible when you have a role with incompletely defined permissions and a user who doesn't extend and override them. This state must be represented with a disabled, active, grey toggle switch without the "remove" button.
...
In Image 1, you can see the difference between fixed and custom permissions. Fixed permissions are defined by the system and are updated automatically as BrightSign adds new features to bsn.Content. By default, all check boxes are empty when you start defining operation permissions for a custom role. This means that the custom role doesn't have any defined permissions to execute the business operation specified on the left side of the table. Checking the box creates an allowing permission that lets all members of the role execute that operation. If you expand the tree of operations and change the state of a checkbox for a child operation, that creates a new, more granular permission which overrides the parent one. For example, you can allow a role responsible for content publishing to execute the Presentation (Full Control) operation and restrict its access to deleting presentations by unchecking the box for the Delete Presentations business operation.
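The override rule described above, as an added example that is not BrightSign code: a minimal resolver in which the nearest defined permission wins, reporting which of the display states listed earlier applies. The data model, the principal names, the `View Presentations` operation, the user-before-role lookup order and treating an undefined permission as denied are assumptions.

```python
# Added illustration of "child permission overrides the parent one".
# Constructed data: not the BSN.Cloud API or its real operation tree.

# child business operation -> parent business operation
OP_PARENT = {
    "Presentation (Full Control)": None,
    "Delete Presentations": "Presentation (Full Control)",
    "View Presentations": "Presentation (Full Control)",  # assumed child
    "Content (Full Control)": None,
    "Content - View Content": "Content (Full Control)",
}

# user -> role (hypothetical principals)
PRINCIPAL_PARENT = {"alice": "Publishers", "Publishers": None}

# (principal, operation) -> True (allow) / False (deny); absent = undefined
GRANTS = {
    ("Publishers", "Presentation (Full Control)"): True,
    ("Publishers", "Delete Presentations"): False,  # granular override
}


def resolve(principal, operation):
    """Return (allowed, state) for a principal and a business operation.

    state is one of:
      direct                   - defined here (toggle plus "remove" button)
      inherited-from-operation - defined on a parent operation (no "remove")
      inherited-from-principal - defined on the role (grey toggle)
      undefined                - defined nowhere (assumed to mean denied)
    """
    p = principal
    while p is not None:            # assumption: user entries before role
        op = operation
        while op is not None:       # nearest operation in the tree wins
            if (p, op) in GRANTS:
                if p != principal:
                    state = "inherited-from-principal"
                elif op != operation:
                    state = "inherited-from-operation"
                else:
                    state = "direct"
                return GRANTS[(p, op)], state
            op = OP_PARENT.get(op)
        p = PRINCIPAL_PARENT.get(p)
    return False, "undefined"


if __name__ == "__main__":
    for who, op in [("Publishers", "View Presentations"),
                    ("alice", "Delete Presentations")]:
        print(who, op, resolve(who, op))
```
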
...