Roles and permissions in digital signage define who can do what, on which screens. In a 500-screen deployment across 10 buildings, you need marketing to update lobby content without accidentally breaking hospital wayfinding, and IT to push firmware updates without seeing content for the CEO's office. Without proper roles, one well-meaning intern can disrupt your entire signage network.
When Roles Matter
- Multi-department deployments — when marketing, HR, facilities, and IT all use the same signage system
- Compliance environments — ISO 27001, SOC2, and GDPR require documented access controls and audit trails
- Multi-site organizations — regional offices should manage their own content without affecting other sites
- Vendor access — when an AV integrator manages hardware but shouldn't access corporate content
How Roles and Permissions Work
Role Hierarchy
A typical digital signage deployment uses four role levels:
- Administrator — full access: user management, firmware updates, system settings, all content, all screens
- Content Manager — create, edit, schedule, and publish content to assigned screen groups. Cannot manage firmware or users
- Editor — modify and schedule content within assigned templates. Cannot create new templates or change system settings
- Viewer — read-only dashboard access. Monitor screen status, view content, report issues. Cannot change anything
Group-Based Access
Screens are organized into groups: by building, floor, department, or function (lobby, meeting rooms, cafeteria). Users are assigned roles per group. A Content Manager for "Building A" can modify all screens in Building A but sees nothing in Building B. This prevents cross-contamination and simplifies multi-team workflows.
Audit Trail
Every action is logged: content changes, schedule modifications, user logins, firmware updates. The audit trail answers: who did what, when, to which screens. Essential for compliance audits and for debugging unexpected content changes at 2 AM.
Key Parameters
| Capability | SpinetiX Arya | SpinetiX Elementi |
|---|---|---|
| Custom roles | Yes, granular permissions | Windows ACL-based |
| Screen groups | Unlimited, hierarchical | Folder-based organization |
| Audit logging | Full action history | File system logs |
| SSO / LDAP | SAML 2.0 / OIDC (enterprise plans) | Windows Active Directory |
| Multi-tenant | Yes, isolated tenants | Separate installations |
| API access control | Token-based with role scoping | Local authorization |
Common Mistakes with Roles
- Giving everyone admin access. One admin role for 20 users means no accountability and maximum risk. Define the minimum permissions each role needs and enforce them.
- No screen grouping. If all 500 screens are in one flat list, content managers can accidentally push CEO-floor content to the cafeteria. Group screens by function and assign roles per group.
- Ignoring audit trails. When the lobby screen shows the wrong content at 3 AM, you need to know who changed it. Enable audit logging from day one, not after the first incident.
- Not planning for staff turnover. When an employee leaves, their signage access must be revoked immediately. Integrate with Active Directory or SSO so access is managed centrally. CMS role management →