This document introduces how to synchronize users and manage passwords and users after data is connected to FineBI, assisting in maintaining system security and improving working efficiency.
The following figure shows what these operations involve.
Target group: platform administrator
The FanRuan platform is often used as an application by enterprises, of which main user data is stored in the frequently used business or personnel systems. To ensure the consistency of user data between the FanRuan platform and other systems, you are advised to configure user synchronization at the beginning of the setup.
A great amount of real production data is stored in the FineBI system, and users' passwords for logging in to the system are crucial for data security. Therefore, strategies to protect user passwords must be implemented to prevent information leakage.
FanRuan platform provides multiple password policy options (Password Policy Setting), allowing enterprises to configure them as needed.
1. FanRuan platform features a user system with two independent layers: department and role. Both layers support many-to-many configurations.
2. For enterprises, the user tree consisting of departments and positions is a relatively stable structure that will not change with the introduction of any platform. The fixed and basic information can be synchronized from the personnel information in FineBI directly. The role configuration is to serve the needs of viewing and using data, and the hierarchical structures of the folder/dashboard directory in the enterprises need to be considered for role designing.
3. In the capability matrix of data, roles can be roughly divided into:
Data viewing role
Data usage role
Dashboard viewing role
Dashboard directory managing role
4. In terms of job functions, roles can be roughly divided into:
Regular viewing users
Managing users
Authorizing users
Example: FanRuan Internal BI System for Role Management Practice
FanRuan operates under a business-functional matrix structure daily. Therefore, in role planning, each user will be synchronized with four basic roles. With these four basic roles, the company can satisfy approximately 80% of daily permission management requirements.
First-level organizational role: reserved, not in use
Business role: the business team to which the user belongs, mainly used for the permission control of business data
Functional role: the functional line to which the user belongs, mainly used for the permission control of functional data
Business-functional role: the role produced by the combination of the above two roles, mainly used to meet the detailed permission management needs of the large business team
For example, user Jack is a product manager for the BI self-service analysis team (second-level organization) in the BI product line (first-level organization) of FanRuan. Data related to the user include:
Data related to the development of BI business, such as customer profile data, function usage data, plugin download-related data, etc.
Data related to product functions, such as demand processing progress, scenario recording progress, etc.
Therefore, the user is assigned three basic roles through the system:
Business role: Team - BI self-service analysis
Functional role: Function - Product team
Business-functional role: Team function - BI self-service analysis team - Product team
For FanRuan, managing the business team data with the second-level organization is sufficient to meet the permission control requirements. Enterprises should fully consider actual conditions when configuring detailed business roles to meet different data control demands and business needs.
Role
Applicable Position or User
System administrator
1. System Deployment and Maintenance: System administrators are responsible for the deployment, upgrades, and maintenance of the BI system to ensure its stable operation.
2. System Usage Standard Formulation: System administrators are responsible for formulating BI tool access control policies and usage guidelines.
3. Data Connection and Management: System administrators need to ensure that the BI system can connect to various data sources and effectively manage the data sources.
BI System Administrator of the Enterprise IT Department
Department Leader
1. In accordance with the business administrator's permission management policies, department leaders are responsible for permission configuration within the authorized scope to ensure departmental users can access corresponding data and functions based on their roles and responsibilities.
2. In accordance with the usage guidelines established by business administrators, department leaders are responsible for relevant management tasks within the authorized permission scope, serving as a bridge between the IT department and business departments to ensure effective communication between both sides.
Designated personnel in business departments (typically one per department). For special cases where a second user is designated, permissions should only be granted when necessary, and the user must possess advanced data analysis capabilities.
Designer
1. Designers are responsible for conducting self-service analysis within authorized data permissions and viewing self-service analysis dashboards in accordance with BI tool usage guidelines.
2. Designers need to perform data queries and analysis to extract valuable business insights in support of decision-making.
3. Designers need to communicate with business departments to understand and translate their data analysis requirements into specific BI solutions.
All employees, regardless of their specific positions
BI Viewer
1. BI viewers can access existing dashboards within authorized data permissions.
2. BI viewers can regularly monitor key business indicators to track operational performance and trends.
3. BI viewers can provide suggestions for improving BI system functions and performance based on personal usage experience.
滑鼠選中內容,快速回饋問題
滑鼠選中存在疑惑的內容,即可快速回饋問題,我們將會跟進處理。
不再提示
10s後關閉
Submitted successfully
Network busy