BSN.Cloud offers a robust set of permissions features that allow you to protect your content and maintain the efficiency of your digital-signage system—no matter how large it gets. These security features are scalable: you can choose exactly how complex you want your permissions system to be depending on the needs of your organization.
...
An editable permission for a specific principal, entity, or operation has an enabled/disabled active toggle switch and a "remove" button.
For example, a custom Content Managers role and with permission to execute just the Content - View Content operation under the selected Media File
An editable permission for a specific principal, entity, or parent operation has an enabled/disabled active toggle switch but without the "remove" button.
For example, a custom Content Managers role and with permission to execute the Content (Full Control) operation under the selected Media File. In this case, the permission to execute the Content - View Content operation is inherited from Content (Full Control).
An editable permission is defined for a specific principal, parent entity. These permissions are displayed with enabled/disabled active. The toggle switch is grey and does not have a "remove" button.
For example, a custom Content Managers role has permission to execute any operation under any new content folder. These permissions are inherited from the parent content folder.
An editable permission is defined for a parent principal. It is displayed with enabled/disabled active and the toggle switch is grey and does not have a "remove" button.
For example, a custom Content Managers role has permission to execute any operation under any new content folder or media file. If you assign a new user to this role and view their permissions, the permissions to execute all operations under all content folders (except of their personal folder) and media files are inherited from their role.
If permissions are defined for a parent principal, operation, or parent entity and are not editable, they will be displayed with enabled/disabled but inactive and a grey toggle switch without the "remove" button.
I think the mouse cursor also should be changing to denying icon when it is over the toggle switch.These are permissions defined for System Roles, Personal Folders, Special Groups, etc.
If permissions are not defined for a parent principal, operation, or parent entity, the toggle switch is disabled and grey. There is no "remove" button.
An example would be a role with incompletely defined permissions and a user who doesn't extend and override them.
...
You can view operations and object permissions while logged into BSN.Cloud. All business operations defined in bsn.Content are organized into a tree structure, where permission granted to the parent operation may be inherited or overridden on the child. To review the complete set of business operations, open BrightAuthor:connected and go to the Admin > Roles page.
...
Image 1 shows the difference between both fixed and custom permissions. Fixed permissions are defined by the system and are updated automatically as BrightSign adds new features to bsn.Content. By default, all check boxes will be empty when you start defining operation permissions for a custom role, so the role doesn’t have defined permissions to execute the operation on the left side of the table. When you check the box, this allows all the members of a given role to execute that operation. You can expand the operations tree to create more granular permissions which override the parent permissions. You can create custom roles (see How to Create Custom Roles for details). Custom roles have no permission by default but you can select check boxes to define operations permissions by role, or define role permissions more granularly in the operations tree. For example, you can give Presentation (Full Control) permissions to a content publishing role but ensure that they cannot delete presentations by unchecking Delete Presentations.
...