Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 55 Next »

BSN.Cloud offers a robust set of permissions features that allow you to protect your content and maintain the efficiency of your digital signage system—no matter how large it gets. These security features are scalable: you can choose exactly how complex you want your permissions system to be depending on the needs of your organization.

This page describes the BSN.Cloud permissions system and how to use the six predefined System Roles, which have fixed permissions that you cannot edit. A separate Custom Roles page describes how to create additional roles with custom permissions.

Role and User Access States

Role and user access can be in one of the following states:

  • An editable permission for a specific principal, entity, or operation has an enabled/disabled active toggle switch and a "remove" button.

    • For example, a custom Content Managers role with permission to execute just the Content - View Content operation under the selected Media File

  • An editable permission for a specific principal, entity, or parent operation has an enabled/disabled active toggle switch but without the "remove" button.

    • For example, a custom Content Managers role with permission to execute the Content (Full Control) operation under the selected Media File. In this case, the permission to execute the Content - View Content operation is inherited from Content (Full Control).

  • An editable permission is defined for a specific principal, parent entity. These permissions are displayed with enabled/disabled active. The toggle switch is grey and does not have a "remove" button.

    • For example, a custom Content Managers role has permission to execute any operation under any new content folder. These permissions are inherited from the parent content folder.

  • An editable permission is defined for a parent principal. It is displayed with enabled/disabled active and the toggle switch is grey and does not have a "remove" button.

    • For example, a custom Content Managers role has permission to execute any operation under any new content folder or media file. If you assign a new user to this role and view their permissions, the permissions to execute all operations under all content folders (except of their personal folder) and media files are inherited from their role.

  • If permissions are defined for a parent principal, operation, or parent entity and are not editable, they will be displayed with enabled/disabled but inactive and a grey toggle switch without the "remove" button.

    • These are permissions defined for System Roles, Personal Folders, Special Groups, etc.

  • If permissions are not defined for a parent principal, operation, or parent entity, the toggle switch is disabled and grey. There is no "remove" button.

    • An example would be a role with incompletely defined permissions and a user who doesn't extend and override them.

Object and Operations Permissions

You can view operations and object permissions while logged into BSN.Cloud.

bsn.Content operations are organized in a tree structure that lets parent permissions be either inherited or overridden on child operations in the BrightAuthor:connected Admin > Roles page:

Screenshot 2024-10-31 at 11.15.48 AM.png

Image 1 shows both fixed and custom permissions. Fixed permissions are defined by the system and are updated automatically as BrightSign adds new features to bsn.Content. Custom roles (see How to Create Custom Roles for details) have no permission by default, but you can define operations permissions by role, or define role permissions more granularly in the checkboxes of the operations tree. For example, you can give Presentation (Full Control) permissions to a content publishing role but ensure that they cannot delete presentations by unchecking Delete Presentations.

Operation permissions affect all entities of a given type, but have lower priority than object permissions. They are useful for defining a baseline security policy which then can be adjusted by more granular object permissions. Object permissions are accessible in the object Properties (under Security). For example, you can select the Network, Content, or Presentations tab, chose a player, content, or presentation, and view or change the permissions as shown in Image 2. For more information about creating object permissions, see the Object Permissions page.

Screenshot 2024-10-31 at 11.29.29 AM.png

System Roles

Screenshot 2024-11-07 at 11.40.07 AM.png

These default roles have clearly defined roles and responsibilities and are provided with every BSN.Cloud account. You can hide specific or all system roles by clicking on the gear icon at the top right and selecting them under the Show System Roles menu item, as shown in Image 3.

These are the default System Roles:

Administrators

Systems administrators are responsible for keeping things running and should have sole permissions to add or delete users. If other users have this permission, they might accidentally delete a user, add a user who is not a member of the company, or change the permissions settings for a user or role.

Administrators have access to all BSN.Cloud features. This is the only role that allows you to edit the account status of other users: as a member of Administrators, you can add new users, delete existing users, and assign users to different roles; and create and edit Custom Roles.

The first user of a BSN.Cloud account will automatically be assigned to the Administrators role. If you are not the first user on your account, you will need to have that user assign you to the Administrators role.

Creators

The Creators role gives you complete control of content, including presentations, dynamic playlists, and Live Text feeds, but they cannot view or change schedules, groups, or devices. This role is best suited for those tasked solely with creating content for BrightSign players.

General Managers

General Managers have full control of content creation and distribution. They can log in to the network whenever they wish to check that pricing and product information is correct, and change, reassign, or reschedule presentations at any location.

The only permissions they don’t have are the user and account features that are unique to Administrators. 

Network Managers

Network Managers control the company’s digital-signage infrastructure: a user assigned to this role can add, remove, maintain, and group together networked BrightSign players. In addition, they can view and delete (but not add or edit) certain kinds of content such as Dynamic Playlists, Live Text feeds, and presentations. 

Someone assigned to this role might maintain BrightSign players, buy and set up additional players, and periodically clear the network of old presentations and drafts.

Publishers

Publishers can schedule when and where BrightSign presentations will be played and upload content. They do not have access to content that is uploaded to the company’s BSN.Cloud account.

For example, this role could be assigned to a member of the marketing department, who determines when sales will be announced, as well as what day of the week certain specials will be offered.

Viewers

Viewers can view almost all aspects of a digital-signage system: content, groups, hardware statuses, logs, and schedules. However, they cannot affect anything on the company’s BSN.Cloud account.

Assigning System Roles

  1. Go to Admin > Roles in BrightAuthor:connected (you must be signed in to BSN.cloud).

  2. Select the column at the top of the listing and select/deselect the type of permissions to add or delete.

Screenshot 2024-10-31 at 1.24.02 PM.png

  • No labels