VBrick Digital Signage Technical Manual

VBrick Digital Signage Technical Manual

VBrick Digital Signage Technical Manual

VBrick Digital Signage Security

VBrick Digital Signage security is implemented by means of individual user accounts with varying levels of role-based security. The user is only presented data and controls for which they have rights to manage.

Options

VBrick Digital Signage has an internal security system or Enterprise users can choose to use Active Directory for Authentication.

VBrick Digital Signage Internal Security

Factory Default Accounts

VBrick Digital Signage systems come from the factory with two default user accounts. They are:

Account Name

administrator default

Password

vbrick vbrick

Role

System Administrator

Content Approver

Passwords

Passwords are managed from System Tools| Change Password. The minimum length is one character. There are no complexity requirements in VBrick Digital Signage. If your network policies require strong passwords you will have to manage that manually. Go to the Configure | Security menu to define password rules.

Role-based security explanation

Role-based security is a security model where users are granted access to features of the system based on the role with which they have been assigned. A role is essentially a definition of the tasks for which a user assigned that role is responsible.

A user of VBrick Digital Signage performs actions upon VBrick Digital Signage. Each action that a user might perform requires that user to have been granted the privilege to perform that specific action. To grant each user each individual privilege to which they are entitled would be impractical. Instead, privileges

84

 VBrick Digital Signage Security are combined into groups, or roles, and these roles are assigned to users. The roles are defined once (but may be modified at any time) and used for as many users as desired.

Predefined Roles

These are the roles that come predefined in VBrick Digital Signage.

System Administrator - Administers all aspects of the VBrick Digital Signage installation.  Includes all privileges. It cannot be modified.

Content Approver - Approves content (bulletins and crawls) on behalf of other VBrick Digital Signage users.  Includes the following privileges: l

Approve Crawllist Item l

Approve Playlist Item l

Approve Spot l

Approve Video Program l

Create Any Bulletin l

Create Crawl Text l

Create Crawllist Item l

Create Custom Templates l

Create Playlist Item l

Create Shared Folder l

Create Spot l

Create Stream Program l

Create Video Program l

Global Dictionary l

Import Resource l

Login Interactively l

Manage Alerts l

Manage Backgrounds l

Manage Events l

Manage Stock l

Manage Weather l

Schedule Crawllist Item Forever l

Schedule Playlist Item Forever l

Set Message Importance l

Use Templates to Create Bulletin

85

VBrick Digital Signage Technical Manual

Content Creator - Creates content (bulletins and crawls) to be displayed on VBrick Digital Signage devices. Includes the following privileges: l

Create Any Bulletin l

Create Crawl Text l

Create Crawllist Item l

Create Playlist Item l

Create Spot l

Create Stream Program l

Create Video Program l

Login Interactively l

Schedule Crawllist Item Forever l

Schedule Playlist Item Forever l

Use Templates to Create Bulletin

Template User - This role is for the use of creating bulletins from existing templates only. It has been assigned the ‘Use Templates to Create Bulletin’ privilege. No other privileges, other than to Login Interactively, have been assigned to it by default.

Privilege List

Privilege

Activate Mass Alert Notification

Administer Content

Settings

Description

Grants the user permission to activate mass alert notifications. The following screens are available with this privilege:

Configure | Mass Alert Notification, Configure | Chan-

nel Players | Hardware Groups | Alert Notification, and

Activate Mass Alert.

Grants the user ability to change the settings that govern content creation and rendition. These settings are maintained in

System

| Content Settings and System | Manage Displays. This is a powerful privilege that should be reserved to administrators.

Administer Crawllist

Groups

Administer Display

Groups

Administer Playlist

Grants the user ability to administer crawllist groups.

Grants the user ability to administer display groups

Grants the user ability to administer playlist groups

86

Groups

Administer Roles

Administer Screensaver

Administer Users

Approve Crawllist Item

Approve Playlist Item

Approve Spot

Approve Stream Program

Approve Video Program

Create and Schedule

Layouts

Create Any Bulletin

Create Crawl Text

 VBrick Digital Signage Security

Grants the user ability to add, change and remove roles from the system.

Grants the user ability to administer the

Screensaver Plug-in.

Grants the user ability to add, change and remove users from the system.

Grants the user the ability to approve their own or other users’ crawls submitted to a crawllist. A user with this privilege can only approve crawls on crawllists they can access. When a user with this privilege schedules a crawl it is automatically approved and starts playing.

Grants the user the ability to approve their own or other users’ messages submitted to a playlist. A user with this privilege can only approve messages on playlists they can access. When a user with this privilege schedules a message it is automatically approved and starts playing.

Grants the user ability to approve MPEG Player Spots.

Grants the user ability to approve Streaming Video Programs.

Grants the user ability to approve External Video Programs.

Grants the  user to privilege to create and schedule layouts. The following screens are available with this privilege:

Configure | Signage Players | Lay-

outs and Configure | Signage Players | Layout Schedule.

The display layout editor is also available in VBrick Desktop.

Grants the user ability to create a new message. Users can create messages from any valid message creation source, based on the licensing of the system. This privilege does not give a user the ability to schedule or approve messages.

Grants the user ability to create a new crawl.

Users can create crawls from any valid crawl creation source, based on the licensing of the system. This privilege does not give a user the

87

VBrick Digital Signage Technical Manual

Create Crawllist Item

Create Custom Templates

Create Desktop Message

Create Playlist Item

Create Shared Folder

Create Spot

Create Stream Program

Create Text Message

Create Video Program

Global Dictionary

Import Resource ability to schedule or approve crawls.

Grants the user ability to schedule a crawl on one or more crawllists. A user can only schedule crawls on crawllists they can access. This privilege does not give a user the ability to approve a crawl, therefore it will not start playing just because it is scheduled.

The ‘Create Custom Templates’ privilege gives permission to users to create and edit Templates in VBrick Desktop and the ability to delete Templates in

Manage | My Templates inside the

User Interface. Both the System Administrator and Content

Approver have this privilege by default.

Grants the user ability to create new desktop messages

Grants the user ability to schedule a message on one or more playlists. A user can only schedule messages on playlists they can access. This privilege does not give a user the ability to approve a message, therefore messages will not start to play until someone with approval privileges appoves them.

Grants the user ability to create shared folders that everyone can view. Shared folders can group messages and/or crawls. Most users do not need this privilege as every user can create personal folders for this purpose.

Grants the user ability to schedule MPEG Player Spots.

Grants the user ability to schedule Streaming Video Programs.

Grants the user ability to create text messages. This feature is not licensed.

Grants the user ability to schedule External Video

Programs. This feature is not licensed.

Grants the user ability to update the global dictionary the spell check uses.

Grants the user ability to upload and import external files into the clipart library. This privilege does not have anything to do with

88

 VBrick Digital Signage Security

Login Interactively

Manage Alerts

Manage Backgrounds

Manage Events

Manage Stock

Manage Weather

Schedule Crawllist Item Forever

Schedule Playlist Item Forever

Set Message Importance

Use Crawllist Groups

Use Display Groups

Use Playlist Groups

Use Templates to Create Bulletin

View Player Snapshots uploading images during message creation. This privilege should be granted sparingly because large video files can take up valuable disk space.

Grants the user ability to login to the web interface.

Grants the user ability to manage alert playlists and alert crawllists. This privilege is not very useful by itself. It must normally accompany Create Playlist Item and/or Create Crawllist Item. It is ever more useful when you add Approve Crawllist Item and/or

Approve Playlist Item.

Grants the user ability to add, change and delete background images available within VBrick Digital Signage.

Grants the user ability to add, change and remove Event Schedule events, rooms, event types and event statuses

Grants the user ability to add, change and remove Stock values.

This feature is not licensed.

Grants the user ability to add, change and remove weather icons, locations, current conditions and forecasts

Grants the user ability to schedule a crawllist item forever.

Without this privilege the option “Forever” does not appear in the schedule crawl screens.

Grants the user ability to schedule a playlist item forever. Without this privilege the option “Forever” does not appear in the schedule message screens.

Grants the user the ability to set message priority when the Publisher Distribution Scheme is set to Multi-Tier Distribution with

Message Importance.

Grants the user ability to use crawllist groups

Grants the user ability to use display groups

Grants the user ability to use playlist groups

Grants users the ability to create a new message from existing templates inside the User Interface.

Allows users to see the Signage Player Snapshots screen under

Now Playing | Player Snapshots. By default, this privilege is

89

VBrick Digital Signage Technical Manual given only to the Administrator Role.

ActiveDirectory for Authentication

VBrick Digital Signage Active Directory authentication enables users to access the VBrick Digital Signage

Web User Interface without need for a manual login (pass-through login). If a user is not authorized or is unknown by the Active Directory integration, then the classic VBrick Digital Signage login page appears. It is available only with the Enterprise license.

See the

Feature Configuration Guide

for instructions on configuration.

Considerations

The following should be considered when planning Active Directory integration with VBrick Digital Signage: l

The customer’s IT department should be involved in the decision as to whether this feature will be used l

AD integration provides only authentication to the system l

Which user credentials will be used: o

Groups (AD), or o

Name (Domain\User)

NOTE: VBrick Digital Signage usernames are limited to a maximum of 20 characters l

Unique VBrick Digital Signage user accounts must be created to map to each AD Group or User

Integration Options

These options control the Active Directory integration.

l on - “true” turns integration on, while “false” turns it off.

l type - “Windows” indicates Windows authentication.  No other option is l currently supported.

principalId - “UserId” indicates to use the user’s account name (domain\userid) for login, while

“GroupId” indicates to use one of the user’s group account names (domain\groupid) for login.  If

GroupId is chosen, you can control the order of precedence for the groups.

l dropAuthority - “true” causes the ‘domain\’ portion of the user and group names to be removed before login is attempted (‘domain\id’ would be transformed into ‘id’ before performing login). This

90

 VBrick Digital Signage Security is helpful if all users and groups are within the same domain. Aliases are more powerful, though, and are typically safer than dropAuthority; “false” uses the fully qualified principalId.

GroupPrecedences Options

As principals can be members of multiple groups, you can specify the precedence of each group. Principal groups will be searched based on this precedence. Group Precedence is applicable only when Integration principalId = “GroupId”. These options control the order in which group membership is evaluated.

l count - The number (integer) of GroupPrecedence entries in the list.

l usingAliases - “true” indicates the list is comprised of aliases (VBrick Digital Signage usernames) as defined in the Aliases section, rather than actual domain\groupid names.  “false” indicates the l list is comprised of domain\groupid names.

GroupPrecedence1…N - Each entry must be numbered from 1 to count. The order you define here controls the evaluation order for membership. This is to give grant/deny capability similar to Windows ACL editor.

l name - The domain\groupid, or alias name (VBrick Digital Signage username) as defined in the Aliases section, of the group. You cannot intermix aliases and domain\groupid full names.

NOTE: If you set dropAuthority = “true” in the <Integration> section, then do not enter the authority (‘domain\’) portion here. Enter only the UserID or GroupID.

Aliases Options

The Content Manager enforces a limit of 20 characters for the principal’s ID. In order to accommodate longer ID’s you can alias the network user or group ID. If aliases are configured, the user’s credentials are modified with them before any login logic is executed. If used, aliases must be used as principal IDs on the

Content Manager. These options define user and group aliases that are substituted before login is attempted.

l count - The number (integer) of Alias entries in the list.

l

Alias1…N - Each entry must be numbered from 1 to count.

l name - The actual network ID (domain UserID or GroupID) the alias substitutes.

NOTE: If you set dropAuthority = “true” in the <Integration> section, then do not enter the authority (‘domain\’) portion here.  Enter only the UserID or GroupID.

91

VBrick Digital Signage Technical Manual l value - The alias (value that is substituted) for the network ID,  i.e., the VBrick Digital Signage username.

Logout Options for Active Directory Integration

A redirect page has been created to avoid issues of Active Directory disconnection and User Interface freezing. To enable this page, type “timeout.aspx” as the value for “AlternateLogoutUrl”. With this page enabled VBrick Digital Signage will automatically refresh the Active Directory login if it times out or if the logout button is clicked.

<!-- Specify AlternateLogoutUrl to specify an alternate URL to REDIRECT to after logout has completed. -->

<add key=”AlternateLogoutUrl” value=”timeout.aspx”/>

VBrick Desktop and Active Directory Integration

The VBrick Desktop, which can be installed onto a separate computer, is configured for Active Directory integration. 

Active Directory Support for Firefox

To use Active Directory with the Firefox browser, a Firefox add-on is required. The add-on may be found at https://addons.mozilla.org/en-US/firefox/addon/integrated-auth-for-firefox/

.

Once installed, the site configuration can be accessed from the Application menu or from the Tools menu: l

From Main menu:

Tools | Integrated Authentication Sites

l

From App menu:

Firefox | Options | Integrated Authentication Sites

l

In the NTLM/Integrated Authentication screen add the VBrick Digital Signage web site address

92

Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertisement

Table of contents