BSN.Cloud offers a robust set of security and permissions features that allow you to protect your content and maintain the efficiency of your digital-signage system—no matter how large it gets. These security features are scalable: you can choose exactly how complex you want your permissions system to be depending on the needs of your organization.
This page describes the BSN.Cloud permissions system and how to use the default System Roles. By default, you will see only six predefined system roles, which have fixed permissions that you cannot edit. See Custom Roles and Object Permissions for more information about how to create a custom role with custom permissions or object permissions.
According to the existing requirements, at any point the access of a selected Principal (a Role or User instance) to execute a specific Business Operation on a specific securable Entity may be in one of the following states:
a) The Permission is defined for this specific Principal, Entity and Business Operation, and is editable. For example, you created a custom "Content Managers" Role and granted an allowing or denying Permission to execute just the "Content - View Content" Business Operation on the selected Media File. Such a Permission must be displayed with an enabled/disabled, active, colored toggle switch and a "remove" button;
b) The Permission is defined for this specific Principal and Entity but for a parent Business Operation, and is editable. For example, you created a custom "Content Managers" Role and granted an allowing or denying Permission to execute the "Content (Full Control)" Business Operation on the selected Media File. In this case the Permission to execute the "Content - View Content" Business Operation is inherited from the "Content (Full Control)" Business Operation and must be displayed with an enabled/disabled, active, colored toggle switch but without the "remove" button;
c) The Permission is defined for this specific Principal but for a parent Entity, and is editable. For example, you created a custom "Content Managers" Role and granted an allowing or denying Permission to execute any Business Operation on any new Content Folder. In this case the Permissions to execute all Business Operations on all Content Folders and Media Files down the hierarchy are inherited from the parent Content Folder and must be displayed with an enabled/disabled, active but grey toggle switch without the "remove" button;
d) The Permission is defined for the parent Principal and is editable. For example, you created a custom "Content Managers" Role and granted an allowing or denying Permission to execute any Business Operation on any new Content Folder or Media File. Then you assign a new User to this Role and view that User's Permissions. In this case the Permissions to execute all Business Operations on all Content Folders (except for the User's Personal Folder) and Media Files are inherited from the Role and must be displayed with an enabled/disabled, active but grey toggle switch without the "remove" button, the same as in the previous case;
e) The Permission is defined for this or a parent Principal, this or a parent Business Operation, and this or a parent Entity, and is not editable (it has the '[bool] IsFixed' flag set). These are Permissions defined for System Roles, Personal Folders, Special Groups, etc. They must be displayed with an enabled/disabled but inactive and grey toggle switch without the "remove" button. I think the mouse cursor should also change to a denying icon when it is over the toggle switch;
f) The Permission is defined neither for this nor for a parent Principal, neither for this nor for a parent Business Operation, and neither for this nor for a parent Entity. This is possible when you have a Role with incompletely defined Permissions and a User who does not extend and override them. Such a state must be represented with a disabled, active, grey toggle switch and without the "remove" button.
Permissions
You can view operations and object permissions while logged into BSN.Cloud.
All business operations defined in bsn.Content are organized into a tree structure, where a permission granted to a parent operation may be inherited or overridden on its child operations. To review the complete set of business operations, open BrightAuthor:connected and go to the Admin > Roles page.
To distinguish inherited and specific permissions,
In Image 1, you can see the difference between fixed and custom permissions. Fixed permissions are defined by the system and get updated automatically as BrightSign adds new features to bsn.Content. You can hide specific or all system roles by clicking on the gear icon at the top right and selecting them under the Show System Roles menu item.
When you start defining operation permissions for a custom role, you should see a default state where all check boxes are empty. This means that the custom role doesn’t have any defined permissions to execute the business operations listed on the left side of the table. Checking a box creates an allowing permission for all members of the role to execute that operation. If you expand the tree of operations and change the state of a checkbox for a child operation, that creates a new, more granular permission which overrides the parent one. For example, you can allow a role responsible for content publishing to execute the “Presentation (Full Control)” operation and restrict its access to deleting presentations by unchecking the box for the “Delete Presentations” business operation.
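The six states a) to f) listed earlier and the parent/child override described in the paragraph above can be modelled as a lookup that walks the Principal, Entity and Business Operation hierarchies. The following is an added example, not BSN.Cloud code: the hierarchies, the "Network" root scope, the user names, the "Publishing Team" role and the precedence order (own principal first, then nearer entity, then nearer operation) are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed child -> parent maps; "Network" is a hypothetical root scope.
OP_PARENT = {"Content - View Content": "Content (Full Control)",
             "Delete Presentations": "Presentation (Full Control)"}
ENTITY_PARENT = {"logo.png": "Campaign Folder", "banner.png": "Campaign Folder",
                 "Campaign Folder": "Network", "Lobby Presentation": "Network"}
PRINCIPAL_PARENT = {"alice": "Content Managers", "carol": "Publishing Team",
                    "bob": "Viewers"}

@dataclass(frozen=True)
class Permission:
    allow: bool
    is_fixed: bool = False  # mirrors the page's '[bool] IsFixed' flag

# Constructed grants, keyed by (principal, entity, operation).
PERMS = {
    ("alice", "logo.png", "Content (Full Control)"): Permission(True),
    ("alice", "Campaign Folder", "Content (Full Control)"): Permission(False),
    ("Publishing Team", "Network", "Presentation (Full Control)"): Permission(True),
    ("Publishing Team", "Network", "Delete Presentations"): Permission(False),
    ("Viewers", "Network", "Content - View Content"): Permission(True, is_fixed=True),
}

def chain(node, parents):
    """Yield node, then its ancestors, nearest first."""
    while node is not None:
        yield node
        node = parents.get(node)

def resolve(perms, principal, entity, operation):
    """Return (state letter, allowed) from the nearest defined permission."""
    # Assumed precedence: own principal, then nearer entity, then nearer operation.
    for p in chain(principal, PRINCIPAL_PARENT):
        for e in chain(entity, ENTITY_PARENT):
            for o in chain(operation, OP_PARENT):
                perm = perms.get((p, e, o))
                if perm is None:
                    continue
                if perm.is_fixed:
                    return "e", perm.allow
                if p != principal:
                    return "d", perm.allow
                if e != entity:
                    return "c", perm.allow
                return ("b" if o != operation else "a"), perm.allow
    return "f", False  # nothing defined anywhere: toggle shown as disabled

if __name__ == "__main__":
    for q in [("alice", "logo.png", "Content - View Content"),
              ("carol", "Lobby Presentation", "Delete Presentations")]:
        print(q, resolve(PERMS, *q))
```

When auditing a role, state f) is the one to look for: an undefined permission resolves to "not allowed" here, so a role with incompletely defined permissions fails closed in this model.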
Object permissions are accessible in the object Properties (under Security). For example, you can select the Network, Content, or Presentations tab, choose a player, content, or presentation, and view or change the permissions as shown below:
System Roles
These default roles have clearly defined roles and responsibilities and are provided with every BSN.Cloud account. These are the default System Roles:
Administrators
Systems administrators are responsible for keeping things running and should have sole permissions to add or delete users. If other users have this permission, they might accidentally delete a user, add a user who is not a member of the company, or change the permissions settings for a user or role.
Administrators have access to all BSN.Cloud features. This is the only role that allows you to edit the account status of other users: as a member of Administrators, you can add new users, delete existing users, assign users to different roles, and create and edit Custom Roles.
The first user of a BSN.Cloud account will automatically be assigned to the Administrators role. If you are not the first user on your account, you will need to have that user assign you to the Administrators role.
Creators
The Creators role gives you complete control of content, including presentations, dynamic playlists, and Live Text feeds, but Creators cannot view or change schedules, groups, or devices. This role is best suited for those tasked solely with creating content for BrightSign players.
General Managers
General Managers have full control of content creation and distribution. They can log in to the network whenever they wish to check that pricing and product information is correct, and change, reassign, or reschedule presentations at any location.
The only permissions they don’t have are the user and account features that are unique to Administrators.
Network Managers
Network Managers control the company’s digital-signage infrastructure: a user assigned to this role can add, remove, maintain, and group together networked BrightSign players. In addition, they can view and delete (but not add or edit) certain kinds of content such as Dynamic Playlists, Live Text feeds, and presentations.
Someone assigned to this role might maintain BrightSign players, buy and set up additional players, and periodically clear the network of old presentations and drafts.
Publishers
Publishers can schedule when and where BrightSign presentations will be played and upload content. They do not have access to content that is uploaded to the company’s BSN.Cloud account.
For example, this role could be assigned to a member of the marketing department, who determines when sales will be announced, as well as what day of the week certain specials will be offered.
Viewers
Viewers can view almost all aspects of a digital-signage system: content, groups, hardware statuses, logs, and schedules. However, they cannot affect anything on the company’s BSN.Cloud account.
Assigning System Roles
Go to Admin > Roles in BrightAuthor:connected (you must be signed in to BSN.Cloud).
Select the column at the top of the listing and select/deselect the type of permissions to add or delete.