Managing permissions across screens, groups, playlists, and media

Introduction

InfoBox uses a consistent permissions model across resources. Screens, screen groups, playlists, and media folders each have their own Permissions panel. The pattern is the same on all of them: by default, every User in the organization has access; you can restrict access to specific Users when needed. There is no read-only role. Access is binary per resource: a User either sees and edits the resource, or doesn't see it at all.

Two roles: Admin and User

Recap of customer-facing roles:

• Admin: full access to everything in the organization. Cannot be locked out by per-resource permissions.
• User: default-full-access to operational resources, but can be locked out of specific screens, groups, playlists, or media folders by an Admin.
• There is no view-only / viewer / read-only role. Access is binary.

The Permissions panel

The same controls appear on every resource:

• Manage permissions (FI: Hallitse oikeuksia / Hallinnoi oikeuksia) opens the panel.
• Allow all users (FI: Salli kaikille käyttäjille / Kaikilla käyttäjillä on oikeus) toggles between unrestricted (everyone in the org has access) and restricted (only specific Users have access).
• Users tab: pick which specific Users have access when restricted.
• Save (FI: Tallenna) commits the change.
• Admins always have access regardless of the toggle.

Where to find each panel

Permissions live on each resource:

• Screens: open a screen, click Manage permissions in the screen editor.
• Screen Groups: open a group, click Manage permissions.
• Playlists: open a playlist, find the Permission management (FI: Käyttöoikeudet) section.
• Media folders: open a folder, click Manage permissions on the folder header.

The Everyone default

By default, new resources are open to everyone in the org:

• A newly created screen, group, playlist, or folder shows Everyone has access (FI: Kaikilla on käyttöoikeus).
• Switching to restricted shows the Restricted (FI: Rajoitettu) badge in the resource list.
• When unsure, leave it on Everyone. Restrict only when you have a clear reason (vendor scope, regional rollout, sensitive media).

How permissions interact

Permissions are independent per resource:

• A User can have access to a screen but not to a media folder containing the slide's image. They'll see the slide play but won't be able to edit the underlying file.
• A User can have access to a playlist but not to one of the screens it's assigned to. They can edit the playlist; they won't see that particular screen in their list.
• Screen Groups grant access to all the screens in the group at once, but each screen's individual permission still applies. The group is a fast way to set permissions on many screens; it doesn't override per-screen permissions.

Common permission patterns

Real-world examples:

• Cafeteria team: access to the cafeteria screen and the lunch-menu media folder. Nothing else.
• Marketing campaigns: Marketing has access to the campaign playlist and campaign media folder. Each location's screen is also open to Marketing for assignment.
• Vendor / contractor: access to one specific playlist they're working on. No screen access. They can build content but can't deploy it.
• Regional managers: access to a Screen Group for their region. Granted via the group, not each screen individually.

Summary

The same Permissions panel lives on screens, screen groups, playlists, and media folders. By default, everyone in the org has access. Restrict only when you need to. Admins always have access. There is no read-only role.