In general, when a user is in the Drive environment, Drive permissions apply. When a user is in the Content Hub environment, Content Hub permissions apply. When a user is in Brainshark, Brainshark content permissions apply. There are exceptions to this but the general rule will cover most of the use cases.
Navigating separate permissions might be challenging for our customers initially. However, the benefit of distinct permission roles provides more fine-grained control for various use cases. Another benefit is that current roles in one product will not grant unwanted permissions in an integrated one.
When in Content Hub
Who can add content from the Drive File selector?
- Have edit permissions for the Story (via Channels)
- Have a config bundle that is active for “Add files from Drive”
- Have a user account in Zunos/Drive and/or Brainshark
Publishers - Adding Content from Bigtincan Drive
Content Hub publishers are able to select and add files in the CH Story Drive file picker, even if they are not Drive admins
*Note: They do need a Drive account
This enables publishers in Content Hub to update stories without requiring them to be Drive admins who can add and manage content for Drive.
Step 1. Customers can restrict what a Content Hub publisher sees in the Add File > Bigtincan Drive modal by applying Groups in Drive. Selecting the group “IDAO” in Drive will ensure that only Hub publishers who are also in “IDAO” will see the content to select it.
*Note: If a folder in Drive is not assigned to a group, it defaults as visible to everyone (this is the opposite of Content Hub rules).
Step 2. Once it is assigned to a group or multiple groups, only those it is assigned to can see it. *Note: If a user is not in a group assigned to a specific Drive folder or a specific content item, then they cannot see that content or folder’s content within the Content Hub file selector and can not add it to the Story
Publishers - Adding Content from Brainshark via Bigtincan Drive
- Hub publishers need to have a Brainshark account for them to view and select Brainshark content in the Drive File Selector.
- *Note: They do not require Brainshark admin permissions to add content to a Story.
- The Hub publisher does require access to the Brainshark content.
- Ex. if the content is contained within a folder that the Hub publisher does not have access to, they will not see this content in the File selector.
Here are a few examples of Brainshark roles:
Company Admin - you will see all the content available in the File Selector regardless of Brainshark folders.
Learning Admin - You will be able to see the learning content that you have access to. You do not need edit or authoring permissions to select and add content to a Story. If you have access to presentations also, then you will be able to access those.
Learning Author - You will be able to add learning content you have access to in Brainshark
End User - Even though this might be rarely applied, a user with no Brainshark admin permissions can select and add Brainshark content if they have the proper Hub permissions to edit and publish Stories.
- For a publisher to view and select a presentation it must be available in search. If a course is created from a presentation hidden from search, the course will not be visible for selection either. Change the presentation setting to be visible in search.
- Courses need to be active and both courses and curriculums need to be open enrollment to be added to Hub
End Users -Viewing Brainshark content in Content Hub
A Hub user can open Brainshark content from a Story. When they have permissions to view, they will be able to interact with the content.
If they do not have the Brainshark permissions to view the content, they will see an “unavailable” message similar to the following. They will not be able to see any restrictions for the content until they attempt to open it.
Permissions for Bigtincan Drive
Who can login to Drive to add and edit content?
- Drive Admins need access to Drive by either:
- 9 Dots navigation with Drive or Zunos Admin
- Universal login
- Required to be a Drive administrator (Org or Basic)
- Org Admins are able to perform all actions within the Drive tenant
- Basic Admins can be limited to:
- Specified sections of the tenant (Users, Settings, etc)
- Content actions (view, edit, add)
- Content visibility (can restrict what folders and what content within folders they can seek)
- Basic Admin permissions can be applied by group, custom role, or by individual name and are managed by Org Admins
|Edit Content (Drive)||View Content (Drive)||Place Content in CH|
|Org Admin in Drive||Yes, all||Yes, all||Must have Story edit rights|
|Basic Admin In Drive||Requires Drive permissions||Requires Drive permissions||Must have Story edit rights|
|Publisher in CH||Must be Drive Basic Admin||Must be Drive Basic Admin||Must have Story edit rights|
|Publisher in CH with no Drive Access||NA||NA||
Must have Story edit rights.
Need a Drive user account
Admins in Drive can update content that they do not have access to in Content Hub. If the Drive content item is updated, then all placements in Hub will be updated. The initial placement of that content in Hub is managed by those with Hub Story edit rights.
How can a customer restrict content that Admins can access in Drive?
You can restrict access to specific content by creating a role and customizing permissions. For example, if you wanted to create a reviewer role, one could view content but not edit it.
Before you create the role, make sure:
- The user must have Basic admin permissions (User>Admin Level>Basic)
- Basic Admin must be restricted to only Drive (User>Menu Access>Drive)
- Create a role that has 0 permissions (No access Role)
- Create a role with permissions for editing, viewing and other content permissions. (Content Access Role)
- Navigate to the content item and click manage permissions.
- Select that user and apply the Content Access role for that user just for this content.
- The result is that they can only see that content and are permitted to select actions when in Drive. For that user, you are restricting all access by default and then granting access for specific content.