BSN.Cloud offers a robust set of permissions features that allow you to protect your content and maintain the efficiency of your digital signage system—no matter how large it gets. These security features are scalable: you can choose exactly how complex you want your permissions system to be depending on the needs of your organization.
...
Operation permissions affect all entities of a given type, but have lower priority than object permissions. They are useful for defining a baseline security policy which then can be adjusted by more granular object permissions. Object permissions are accessible in the object Properties (under Security). For example, you can select the Network, Content, or Presentations tab, chose a player, content, or presentation, and view or change the permissions as shown in Image 2.
...
Object Permissions
Object permissions can be granted to users and roles to allow or deny execution of certain business operations and the specific instances of a given entity type. They are typically used for overriding operation permissions which describe a general security policy. You can manage object permissions for the entities of content, dynamic and tagged playlist, live text and media feed, presentation, group and player types. In order to do that, see Object Permissions.
Role and User Access States
Permissions granted to users on the object level have the highest priority but the narrowest scope. Permissions granted to roles on the object level have second priority and may be overridden by user permissions. Permissions granted to roles on the operation (Admin-Roles page) level have the lowest priority but the widest scope.
Role and user access can be in one of the following states:
An editable permission for a specific principal, entity, or operation has an enabled/disabled active toggle switch and a "remove" button.
For example, a custom Content Managers role with permission to execute just the Content - View Content operation under the selected Media File
An editable permission for a specific principal, entity, or parent operation has an enabled/disabled active toggle switch but without the "remove" button.
For example, a custom Content Managers role with permission to execute the Content (Full Control) operation under the selected Media File. In this case, permission to execute Content - View Content is inherited from Content (Full Control).
An editable permission is defined for a specific principal, parent entity. These permissions are displayed with enabled/disabled active. The toggle switch is grey and does not have a "remove" button.
For example, a custom Content Managers role has permission to execute any operation under any new content folder. These permissions are inherited from the parent content folder.
An editable permission is defined for a parent principal. It is displayed with enabled/disabled active and the toggle switch is grey and does not have a "remove" button.
For example, a custom Content Managers role has permission to execute any operation under any new content folder or media file. If you assign a new user to this role, permissions to execute all operations under all content folders (except their personal folder) and media files are inherited from their role.
If permissions are defined for a parent principal, operation, or parent entity and are not editable, they will be displayed with enabled/disabled but inactive and a grey toggle switch without the "remove" button.
These are permissions defined for System Roles, Personal Folders, Special Groups, etc.
If permissions are not defined for a parent principal, operation, or parent entity, the toggle switch is disabled and grey. There is no "remove" button.
For example, a role with incompletely defined permissions and a user who doesn't extend and override them.