Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

BSN.Cloud offers a robust set of security and permissions features that allow you to protect your content and maintain the efficiency of your digital-signage system—no matter how large it gets. These security features are scalable: you can choose exactly how complex you want your permissions system to be depending on the needs of your organization.

This page will walk you through BSN.Cloud permissions system using the scenario of a hypothetical chain of donut shops. You will learn how to create and edit Object Permissions in conjunction with Custom Roles to meet the organizational needs of a large digital signage network. 

In order to create Custom Roles and edit object permissions, you need to have the Show Advanced Security Settings and Enable Custom Roles Management boxes checked. They are located in the Advanced section of the Account page.

Overview

Your company has now expanded to over 100 donut shops across the country. Menu pricing and offerings vary widely depending on region and availability: new donut recipes are introduced to certain test markets; different regions have different pricing structures; and certain stores offer regional favorites that are not offered elsewhere. Custom Roles are no longer enough to keep the network functional for the employees who use it. You need to limit or allow access according to the objects (media files, dynamic playlists, etc.) themselves.

Editing Object Permissions

The permissions for any object are accessed through the properties button, which is usually located below the name of the object.

  1. Click on the Security tab in the Properties window.

  2. Assign permissions for the object by role or by individual user.

    1. In the Assigned Roles tab, click the Add button and select the desired role. Remember that you can only edit permissions for Custom Roles.

    2. In the Assigned Users tab, click the Add button and select the desired user.

    3. You can now choose whether to “Allow” or “Deny” certain actions for a specific Dynamic Playlist, Live Text feed, etc.

Permissions settings for Users have higher priority than those for Roles, and permissions for Objects have higher priority than those for Operations. For example, if the Presentation Creators are restricted from creating Live Text feeds, but full control for the role is enabled for a certain Live Text feed, then the allowance for that specific object takes precedence over the general restriction for Presentation Creators.

Using Object Permissions

Store Managers

The company wants to give individual store managers some leeway in deciding which deals they want to promote—after all, they have the best idea what donuts are most popular in their neighborhood. Store managers need the ability to view various presentations and schedule them for the BrightSign players located in their store. However, assigning them a Custom Role based on Publishers does not completely solve this problem: they have access to the presentation schedules of every store in the nation, not just their own, and they might accidentally delete or modify them.

  1. Create a Custom Role based on Publishers.

  2. Assign all of the store managers to this role.

  3. Change the role so that the actions “View Groups” and “Change Schedule” in the Group category are denied.

  4. Make sure that each group of players reflects a different store location.

  5. Change the object permissions of each group on the network so that each user assigned to the custom Publishers role can only view and modify the group corresponding to his or her store.

You can also assign object permissions based on individual BrightSign players. This is helpful if you already organize groups in some other way (by region, by store type, etc.).

You have now created a system of object permissions that allows store managers to schedule menus and special offers only at their own store locations. You can customize this system even more: for example, if you want certain store managers to have access to certain menus or promotions depending on region or store type, you can use the object permissions for presentations to deny or allow access as you see fit.

Prototypes

The marketing department wants to upload an announcement for a new flavor of donut in order to test how it will look on a digital display. However, the board of directors is worried that the competition will get wind of this new flavor before it is rolled out across the nation. To minimize the risk of a leak, you want to make sure that, for the moment, only the employees directly involved with testing the announcement have the ability to view, edit, or schedule the presentation.

In order for this scenario to work, most or all users need to be assigned to Custom Roles. Just like operations permissions, the object permissions for the default System Roles cannot be edited.

You can limit access to this presentation either by role or by individual user. You can also allow access to a user who is working on this project but who doesn’t normally have access to presentations.

Keep in mind that there are other factors beside object permissions that can limit access to a presentation or other object. For example, you can give a user full permissions for a Dynamic Playlist object, but that user will not be able to save content changes to that Dynamic Playlist if the role restricts the “Assign Content” action in the Content permissions category. 


  • No labels