BSN.Cloud offers a robust set of permissions features that allow you to protect your content and maintain the efficiency of your digital-signage system—no matter how large it gets. These security features are scalable: you can choose exactly how complex you want your permissions system to be depending on the needs of your organization.
...
An editable permission for a specific principal, entity, or operation has an enabled/disabled active toggle switch and a "remove" button.
For example, a custom Content Managers role and with permission to execute just the Content - View Content operation under the selected Media File
An editable permission for a specific principal, entity, or parent operation has an enabled/disabled active toggle switch but without the "remove" button.
For example, a custom Content Managers role and with permission to execute the Content (Full Control) operation under the selected Media File. In this case, the permission to execute the Content - View Content operation is inherited from Content (Full Control).
An editable permission is defined for a specific principal, parent entity. These permissions are displayed with enabled/disabled active. The toggle switch is grey and does not have a "remove" button.
For example, a custom Content Managers role has permission to execute any operation under any new content folder. These permissions are inherited from the parent content folder.
An editable permission is defined for a parent principal. It is displayed with enabled/disabled active and the toggle switch is grey and does not have a "remove" button.
For example, a custom Content Managers role has permission to execute any operation under any new content folder or media file. If you assign a new user to this role and view their permissions, the permissions to execute all operations under all content folders (except of their personal folder) and media files are inherited from their role.
If permissions are defined for a parent principal, operation, or parent entity and are not editable, they will be displayed with enabled/disabled but inactive and a grey toggle switch without the "remove" button.
I think the mouse cursor also should be changing to denying icon when it is over the toggle switch.These are permissions defined for System Roles, Personal Folders, Special Groups, etc.
If permissions are not defined for a parent principal, operation, or parent entity, the toggle switch is disabled and grey. There is no "remove" button.
An example would be a role with incompletely defined permissions and a user who doesn't extend and override them.
...
Image 1 shows the difference between fixed and custom permissions. Fixed permissions are defined by the system and are updated automatically as BrightSign adds new features to bsn.Content. By default, all check boxes will be empty when you start defining operation permissions for a custom role, so the role doesn’t have defined permissions to execute the operation on the left side of the table. When you check the box, this allows all the members of a given role to execute that operation. If you You can expand the operations tree and change a state of a checkbox for a child operation, that will create a to create more granular permission permissions which overrides override the parent onepermissions. For example, you can allow to execute the give Presentation (Full Control) operation permissions to a role responsible for content publishing and restrict their access to role but ensure that they cannot delete presentations by unchecking the box for Delete Presentations.
Operation permissions affect all entities of a given type, but have lower priority than object permissions. They are useful for defining a baseline security policy which then can be adjusted by more granular object permissions. Object permissions are accessible in the object Properties (under Security). For example, you can select the Network, Content, or Presentations tab, chose a player, content, or presentation, and view or change the permissions as shown in Image 2. For more information about creating object permissions, see the Object Permissions page.
...