FineBI Server Version
Functional Change
6.0
/
Given that the numerous employees and constantly changing user information in a company caused by the mobility of personnel, it is burdensome to modify the information manually every time.
The synchronizing user dataset function can achieve dynamic update of user information in the platform, leading to simultaneous changes of the user information in the database.
The admins can create a server dataset and set periodic synchronization of users from the dataset to keep user information up to date.
1. If you set user synchronization, do not cancel or adjust the synchronization data source without careful consideration. This is because the data related to the relationship between role and user will not be soft-deleted and cannot be recovered.
2. For details about the notes and error messages provided when synchronizing users, see Synchronizing/Importing User FAQ.
The user data for synchronizing comes from the server dataset, which supports hierarchical and non-hierarchical user department structures.
You can choose one based on your user structure.
This example uses the user information table without hierarchical structures between departments and positions.
Preparing a User Information Table
Prepare a user information table, and its structures are shown in the following figure:
Click to download:
User Information.xlsx
Note:
1. When you import users, the username, name, and password are required contents, and other information can be left blank.
2. Support binding users' mobile phone numbers from Mainland China, Taiwan (China), Hong Kong (China), Turkey, South Korea, Japan, Singapore, and Malaysia.
For mobile phone numbers in mainland China, you can choose whether or not to include the area code, while other regions' need to include.
Creating a Server Dataset
Use third-party tools such as Navicat to import the above table into the database, and establish a data connection between the system and the database.
Take the FRDemo database as an example.
The admin logs into FineBI, and clicks Manage > Data Connection > Server Dataset to create a SQL Dataset.
Set Synchronize Users1 as Dataset Name, select FRDemo as Data from data connection, and enter the SQL sentence:
SELECT * FROM User_Information
This example uses the user information table without hierarchical structures between departments and positions. The departments of users to be synchronized are all listed under All Departments in parallel.
3. You can also use TXT/XML files.
Save the table locally or upload it to the reportlets folder in the directory %BI_HOME%\webapps\webroot\WEB-INF.
The admin logs into FineBI, and clicks Manage > Data Connection > Server Dataset to create a File Dataset.
Set Synchronize Users-File as Dataset Name, and select the prepared table.
1. If you select Server File, choose the file in the reportlets folder in the directory %BI_HOME%\webapps\webroot\WEB-INF.
If you select Local File and upload the file, it will be automatically saved to the excel folder in the directory %BI_HOME%\webapps\webroot\WEB-INF\reportlets.
2. You can also use TXT/XML/remote URL files, which support dataset parameters.
This example uses the user information table with hierarchical structures between departments and positions.
Hierarchical Structures.xls
1. When you synchronize user datasets, if the server dataset is a tree dataset, the parent organization of the top-level institution should be Null (rather than a blank value). For example, the fid field for Anna shown in the figure below is empty.
2. It is also possible to generate a tree dataset and synchronize users without any users in a department. For example, the headquarters only has subordinate departments without direct positions or users.
3. Support binding mobile phone numbers from Mainland China, Taiwan (China), Hong Kong (China), Turkey, South Korea, Japan, Singapore, and Malaysia.
Creating a SQL Dataset
Set Synchronize Users2 as Dataset Name.
Select FRDemo as Data from data connection, and enter the SQL sentence:
SELECT * FROM Hierarchical_Structures
Creating a Tree Dataset
The admin logs into FineBI, and clicks Manage > Data Connection > Server Dataset to create a Tree Dataset.
Set Synchronize Users-Hierarchical Structures as Dataset Name.
Select Synchronize Users2 as Built from Dataset, did as Original Identity Field, and fid as Parent Identity Field.
Note: Synchronizing user tree datasets only allows building trees based on the parent field of the selected dataset, and does not allow building trees based on the length of the identity filed of the selected dataset.
1. This section introduces the data update rules for performing Synchronize Users for the first time or executing the first Synchronize Users operation when user synchronization is not enabled.
If users have been synchronized before, there will be no prompt pop-up window in the case of executing non-first synchronization operations when the user synchronizations is enabled, and the synchronization will not be performed according to the update rules in this section.
2. The synchronized users can coexist with manually added/imported users.
The admin logs into FineBI, goes to Manage > User > All Users, and clicks Synchronize Users.
A pop-up window will prompt: Keep the existing data unsynchronized or not, including imported/added users, departments, positions, roles?
The update logic for different selections is as follows:
Selection
Introduction
Reserved
If an existing user is not in the synchronized server dataset, the user information and
permissions will be preserved without modification.
If an existing user is in the server dataset (with the same username):
The user's username will not change, and the permissions will be preserved.
The user's name, password, phone number, and email will be updated.
If the user's current department, position, or role exists in the synchronized
server dataset, they will be updated.
If the user's current department, position, or role does not exist in the
synchronized server dataset, they will be preserved without modification.
Clear
Delete all the platform information for manually added/imported users, including their
username, name, password, phone number, email, department, position, role, and
permissions, and the users need to be resynchronized.
1. According to the update logic for selection, some user information will be updated after the initial synchronization.
2. Only users who have been changed to the synchronized type can be automatically updated in the future.
3. For subsequent synchronizations, the dataset cannot overwrite or update built-in data, otherwise it will result in conflicts and report error messages.
Configure information of the synchronized dataset.
There are two modes of synchronizing frequency: Fixed Interval and Expression Setting.
Note: Synchronizing the user dataset does not affect data updates in the data preparation area, and data updates will not affect the progress of user dataset synchronization.
Fixed Interval
Automatically synchronize user data from the server dataset at intervals, with a default value of 43,200 seconds.
You can set the frequency for synchronizing users, and multiple synchronizations can be automatically performed when the set frequency is reached. It continuously synchronizes the changing data from the server dataset to the platform.
Note: The synchronization frequency should not be too high, otherwise it will cause the backend logs to constantly refresh, leading to an infinite expansion of log volume.
Expression Setting
Allow setting the execution time of a task through a cron expression, and the task can be triggered at different combinations of time points such as repeating every day, repeating every other day, or executing only once.
The Editable button is unticked by default. When ticked, user information can be edited in synchronous state.
You can edit your name, password, phone number, and email. The Forget my password function is available. For existing users, the above fields will no longer be updated during automatic or manual synchronization.
The specific introduction is shown in the following table:
1. Password Policy Setting can take effect on synchronized users.
2. If you use the Forget my password function when unticking Editable, a prompt will pop up when you change the password: Your password cannot be changed. Please contact the administrator.
User Role
Description
Super admin
1. When you synchronize again, the name, password, phone number, and email fields of existing users on the platform will no longer be updated.
2. The name, phone number, email, and password of existing users on the platform
can be edited, but the role cannot be edited.
3. Allow editing the name, password, phone number, and email in Account Setting.
4. Allow going to Manage > System > Login to use the Forget my password
function.
Subordinate admin
1. The name, phone number, email, and password of users with permissions can be
edited, but the role cannot be edited.
2.Allow going to Manage > System > Login to use the Forget my password
Ordinary user
1. Synchronized users can edit the name, password, phone number, and email in
Account Setting.
2. Allow going to Manage > System > Login to use the Forget my password
Select the source of the user information.
Server Dataset
The source of synchronized users can be the current server dataset being synchronized. It does not support simultaneous synchronization from multiple server datasets. When you switch the server dataset, the previously synchronized information is cleared.
After successful synchronization, the department, position, and role information of synchronized users can only be modified in the server dataset.
There are two verification ways: User ID and Username.
Note: The default way is User ID.
1. Storage Location of User Information
Note: User information is saved in the tables of FineDB database.
Field
Table
User ID, Username
fine_user
Job ID, Position Name
fine_post
Department ID, Dept. Name
fine_department
Role ID, Role Name
fine_custom_role
2. Description
Duplicate Verification Field
Logic
Scenario
Note
User ID
Department ID
Job ID
Role ID
Select ID, and both ID and
name fields
will be
synchronized. The value of
the ID field in the corresponding table is
the ID in the
server dataset when synchronizing users.
If the username
corresponding to a
certain ID in the
dataset is modified,
the username in the platform will also be modified
accordingly, and the permissions will be inherited.
The same applies to the department,
position, and role.
In non-tree datasets, if you select ID as
the duplicate verification field, the ID and name of a position need to be a unique one-to-one relationship that is not
repeated. It is not allowed for one ID to
correspond to multiple names or for one name to correspond to multiple IDs.
The same applies to the user,
department, and role.
In tree datasets, the name and ID of
users, positions, and roles need to form a unique one-to-one relationship that is not repeated.
Note: Job ID is not visible on the
front-end. Therefore, only Position
Name is used to differentiate and
configure permissions. If there are two positions with the same name and
different IDs under the same
department, it will be impossible to differentiate and configure permissions. Therefore, it is required that both the ID and name need to have a unique one-to-one relationship. Otherwise, the
synchronization will fail directly.
Username
Dept. Name
Position Name
Role Name
Select ID, and the name field will be sunchronized. The
ID field in the corresponding table will be
randomly
generated by the system.
If the username of a user in the dataset is modified, the one in
the platform will also be modified
accordingly.
The corresponding User ID will be
randomly generated by the system.
The user with new
username will lose
the previous permissions configured
separately.
The same applies to departments,
positions, and roles, which will lose the
permissions
inherited from their
departments,
positions and roles.
If you select Position Name as the
duplicate verification field, the positions with the same name but different IDs in
the data source will be treated as one
position. For example, if there are two different positions with the name
Finance in the same department, they
will be displayed as one position and the users under them will be merged
together.
If the two Finance positions belong to
different departments, they will still be
treated as one position. However,
because of different relationships
between the department and position,
the users under them will not be merged together.
Username, Name, Password, Dept. Name, Position Name, Role Name, Mobile, and Mailbox are the field names in the corresponding server dataset.
1. Email address can include symbols # and &.
2. Allow configuring departments without configuring positions.
There are two encryption methods: Built-in SHA Encryption and Custom Password Encryption.
1. Built-in SHA Encryption
Application scenarios: Select Built-in SHA Encryption when the password in the synchronized server dataset is in plaintext.
Encryption introduction: FineBI uses SHA256 encryption to ensure password security. When a user customizes and modifies their password through the interface, it will be automatically encrypted using SHA256.
Login password: The login password is the password in the above downloaded User Information table, and not the encrypted password in the fine_user table.
2. Custom Password Encryption
Application scenarios: Custom Password Encryption needs to be used when the password in the synchronized server dataset is a custom encrypted ciphertext.
Encryption introduction: Customize a password encryption class.
The encryption method is described in the class and saved in the classes folder in the directory %BI_Home%\webapps\webroot\WEB-INF.
FineBI will perform a second SHA256 encryption based on the user's custom encryption algorithm to ensure password security.
Login password: The plaintext obtained after decrypting the ciphertext in the server dataset
1. Custom encryption algorithms need to inherit the AbstractPasswordValidator class.
2. After you tick Editable, set an encryption method and save it, when changing the encryption method again, the ciphertext in FineDB cannot be updated and users will be unable to log in.
3. After you modify the encryption method for synchronized users, there is no need to restart the project, the changes will take effect immediately.
This setting allows admins to manage user status by synchronizing user data.
It is an optional field.
If you need to use this setting, add a new field in the data source in the section “Preparing User Data for Synchronizing” with a value of 0/1.
0: Disable users.
1: Enable users.
1. If this setting is not configured, enabling or disabling synchronized users can be manually configured in the platform.
2. If this setting is configured, enabling or disabling synchronized users is entirely dependent on the data source. Not supporting manual configuration in the platform.
Note: Users that are manually added can still be enabled or disabled in the platform without being affected by this setting.
After synchronizing, three new drop-down options will be added to the Synchronized User Management button.
Click Sync Now to immediately synchronize the user dataset.
In the Synchronize Users dialog box, allow modifying the configuration of the synchronized user dataset.
Switch user sources carefully, as this will result in previously synchronized users and their departments, positions, roles, permissions, etc. being cleared. When you switch the user source dataset for synchronizing, click OK and a pop-up window will prompt: After the dataset is switched, the original synchronized data will be cleared, including users and their departments, positions, roles, permissions, etc. Confirm to switch the dataset?
If Editable is disabled, the admin can Disable Users, but cannot Edit and Delete users.
If Editable is enabled, the admin can Edit and Disable Users, but cannot Delete users.
Note: For details about disabling, editing and deleting users, see Adding Users.
Clicking Clear sync data can cancel synchronized users.
Clearing the synchronization data will delete all synchronized users, departments, positions, roles, and related permissions. FineBI will no longer continue perform synchronization, restoring to an unsynchronized status.
If there is a problem with the data source, such as a malicious clearing of tables in a database, synchronized users in the system will be cleared, and the operation cannot be reversed.
Therefore, FineBI added Abnormal data interrupts sync to stop synchronization.
The admin can enable Abnormal data interrupts sync, and set The number of users decreased by X% to stop synchronization. X is a positive integer between 1 and 100.
For example, if there are originally 100 synchronized users in the system (excluding manually added/imported users), and it is set to 30%, then synchronization will be stopped if 30 (100*30%) or more users are reduced during synchronization.
If the synchronization fails, it will prompt:
"The number of sync users will be reduced by {}% ({}), reaching the set interruption value {}% Please check whether the data source data is normal, or temporarily disable "Abnormal data interrupt sync" function"
The system will remind admins of the next automatic synchronization time based on Sync Frequency set in the Synchronization Frequency section.
When you synchronize users, errors may occur due to conflicts, resulting in partial or complete failure to synchronize user, department, position, and role data, which can lead to outdated permissions.
In the above situations, it is necessary to notify the corresponding admins timely. Therefore, FineBI provides the Sync failure reminder function.
The admin logs into FineBI, clicks Manage > User > Global Setting to set the receiver of synchronization failure reminders, and clicks Save.
1. Click Enable SMS Function to configure the SMS settings.
2. Click Enable Email to configure the email settings.
After the first manual or automatic synchronization failure, the system will send an SMS, email or platform reminder to the admin. It will continue to send reminders until the next successful synchronization. After that, if there is another synchronization failure, reminders will be sent again.
If there are multiple consecutive synchronization failures, the reminder message will only be sent for the first failure.
The reminder monitoring status will be reset only when there is a successful synchronization, the system is restarted, or the synchronized users are enabled.
After that, if there is another synchronization failure, reminders will be sent again.
SMS
Platform
Email
滑鼠選中內容,快速回饋問題
滑鼠選中存在疑惑的內容,即可快速回饋問題,我們將會跟進處理。
不再提示
10s後關閉
Submitted successfully
Network busy