Permission

  • Last update:October 26, 2023
  • Overview

    Version

    FineBI Version

    Functional Change

    6.0

    /

    Application Scenarios

    Multiple departments share the same system where each department has its own admin who assigns permissions to the department's employees, thus enabling hierarchical assignment of admins.

    Subsidiary admins can only manage template permissions within their own scope of responsibilities.

    Functions

    The admin can log into FineBI and click System Management > Permission Management to set all permissions of the system on this page.

    Permission Carrier


    iconNote:
    You need to complete the configuration of User before assigning permissions.


    Permission carrier: the object that obtains permissions, including departments, roles, and users

    Permission Carrier

    Application Scenario

    Department

    When the departmental structure is clear and well-defined, it is the best choice to 

    use departments as the permission carrier.

    Role

    A collection of people with the same identity (not the departmental structure) in 

    different departments

    For example, Peter belongs to the Internal Services department while Marks the 

    Marketing department, but they are both shareholders who do not belong to any 

    position within the departmental structure.

    Position

    Industries such as retail and banking have businesses in many cities with identical 

    departments and positions in each city.

    It is burdensome for admins to configure permissions one by one when assigning 

    them to the same positions in different departments.

    In this case, it is suitable to use positions as a dimension to assign permissions in 

    batches.

    User

    • Some users may need to temporarily view a certain template.

    • Leaders who may hold multiple positions have permissions to view some

      templates, but their departments and roles do not have such permissions.

    • Sometimes, to assign dashboard permissions to specific individuals, a new

      role must be created for them.

    In this case, permissions can be assigned individually to certain special personnel

    (users), without the limitations of departmental positions or roles.

    Quick Configuration of Permissions

    The admin can assign permissions for Dept. and Role in Permission Quick Configuration.

    Final Permissions of Users

    The admin can assign permissions for individual user in User's Final Permission.

    Permission Entity

    Permission entity: the assigned permission item, including Directory PermissionPersonnel Management, System ManagementData Authorizationand Share Authorization.

    In FineBI, Directory PermissionData Authorization, and Share Authorization are enabled by default.

    The super admin can log into FineBI, choose System Management > Permission Management >  to enable other permission settings, and click Save.

    iconNote:
    The Global Setting button is not available in the subordinate admin's permission management interface.


    Permission Type

    Permission type: the types of permissions assigned to subordinate admins, including view, export, use, edit, manage, authorize

    Common Permission Configuration

    The admin can configure viewing, exporting, using, editing, and managing permissions in Common Permission Configuration.

    Configuring Authorization Permissions

    In FineBI, Authorization Configuration is disabled by default.

    The super admin needs to enable Hierarchical Authorization before configuring authorization permissions.

    After enabling Hierarchical Authorization, you can Authorize permissions for the subordinate admins.

    The descriptions for each type of permission are shown in the following table:

    Permission Type

    Description

    Directory Permission

    View

    View the specified directory.

    Data of Components

    View the data of components in dashboards in the directory.

    Export

    Export the data of the dashboards mounted on the directory.

    Edit

    Edit the platform directory.

    Authorize

    Assign the directory-related permissions to subordinate users.

    Personnel Management

    Manage

    Add, delete, or change some departments.

    Delete or change some roles.

    Add roles and departments for some users.

    Authorize

    Assign Personnel Management permissions to the subordinate users.

    System Management

    System Management

    Permission to use relevant functions in System Management

    Data Connection

    Use

    Permission to use a specific data connection

    Subordinate admins can log into FineBI and go to System Management > Data Connection > Data Connection Management > Data Connection to 

    add data.

    Manage

    Permission to manage a specific data connection

    Subordinate admins can log into FineBI and go to System Management > Data Connection > Data Connection Management to perform operations 

    such as copying, renaming, modifying, and deleting the data connection.

    Authorize

    Permission to authorize a specific data connection

    Subordinate admins can log into FineBI and go to System Management > Permission Management Data Connection to assign corresponding permissions of the data 

    connection to the manageable users.

    Task Schedule

    Manage

    Permission to manage the assigned scheduled task and use the 

    scheduled task node

    Subordinate admins can log into FineBI and go to System Management > Task Schedule to perform operations such as editing, copying, viewing, 

    deleting, and creating scheduled tasks.

    Authorize

    Permission to authorize the assigned scheduled task and scheduled 

    task node, and to use the permission management node

    Subordinate admins can log into FineBI and go to System Management > Permission Management to assign the management permission of the scheduled task to other 

    recipients.

    Data Authorization

    Component Data

    View the data of components in the dashboard that uses Public Data in 

    Directory.

    Use

    View the data of tables in Public Data, and use the data of tables in My 

    Analysis.

    Data Management

    Edit, add and delete tables in Public Data.

    File Management

    Edit, add and delete folders in Public Data.

    Data Publishing

    Publish tables in My Analysis to Public Data.

    Authorize

    The admin can authorize users, so that they can assign permissions of 

    Public Data to other users.

    Rows and Columns of 

    Data

    FineBI provides methods to set row and column permissions for public 

    data tables.

    • Row permissions: Users are limited in using specified rows in the

      dataset by adding analysis, filtering, and other conditions.

    • Column permissions: Users are limited in using specified columns in

      the dataset by ticking the corresponding boxes.

    Share Authorization

    Sharing the Public Link 

    of Dashboards

    After creating a dashboard, users can share it to people who do not have a FineBI account or install FineBI on their PC to view.

    Sharing the Dashboards 

    to Directory

    Users can click Share to directory in the FineBI's Dashboard interface 

    to share the dashboard to specific departments, roles, or users.

    Resource Collaboration

    FineBI supports collaboration, allowing folders or analysis subjects to be 

    collaborated with other design users.

    Viewing Dimension

    The admin can set permissions according to different dimensions: User group dimension and Resource Dimension.

    User Group Dimension

    FineBI defaults to User group dimension for permission configuration.

    When configuring permissions, the admin selects the permission carrier on the left, and then configures the corresponding permission entity for it on the right.

    When assigning permissions, the admin needs to note the following:

    • If a subordinate admin wants to assign the Use permission for a dashboard or platform management to others, the user needs to have the Authorize permission for that dashboard or platform management.

    • If multiple admins assign permissions for the same role, the later configuration will overwrite and update the earlier one.

    • When subordinate admins delete a directory, all templates mounted below it will also be deleted, including those without permissions.

    • If subordinate admins want to edit users within a role (add/delete), the admin need to assign them the User node's using permission.

    Resource Dimension

    The admin can click Switch to use Resource Dimension for permission configuration.

    In Resource Dimension, allow assigning permission carrier for only Directory and Data Authorization, not for other permission entities.

    When configuring permissions, the admin selects Directory Permission on the left, and then assigns it to the targeted departments, roles, and users on the right.

    Permission Logic

    Because an employee may have multiple departments, positions, or roles and there are hierarchic structures among departments, you need to follow relevant permission logic when assigning permissions.

    Logic

    Introduction

    User First

    For the same permission entity, user permissions have a higher priority than department 

    or role permissions. If there are user permissions, they will take precedence.

    Permission Union

    When a user belongs to multiple permission carriers (departments/roles/positions) that 

    have been configured permissions, the user will inherit all permissions.

    Parent Nodes   Overriding Child Nodes

    For hierarchical structures:

    • If permissions are assigned to a child node, and then to a parent node, in the current and lower dimensions, the parent node will override the child node's 

      permissions. For example, if editing permission is assigned to Template One in

      Directory One, and viewing permission is assigned to the parent node, then Template One has both editing and viewing permission while other child nodes have viewing

      permissions.

    • If permissions are revoked from a child node, and then a parent node, in the current and higher dimensions, the parent node will override the child node's

      permissions. For example, if editing permission is assigned to Directory One, viewing  permission is revoked from the child node, and then editing permission is revoked

      from the parent node, then the child node has no permissions.

    Child Nodes not  

    Affecting 

    Parent 

    Nodes

    For hierarchical structures, if permissions are first assigned to a parent node and then 

    different permissions are assigned to a child node, permissions for both the parent and 

    child nodes take effect independently without affecting each other.

    Half-Selected Status in Permission Configuration

    To view directory permission configurations in the data decision-making system, when a directory is collapsed, admins cannot confirm whether the child nodes have permissions.

    Admins can determine the permission configuration by checking whether the text on the left side of the directory permission configuration is highlighted.

    The application limits on text half-selected highlight:

    • For User group dimension: applying to the four types of permissions on the right side of PermissionDirectory PermissionPersonnel ManagementSystem Management, and Data Authorization.

    • For Resource Dimension: not applying

    This section uses setting Directory permissions as an example.

    Child Nodes with Permissions

    If a child node has viewing permissions for Directory Permission, regardless of whether the parent node has viewing permissions, the text of the child node and its parent node will both be highlighted. Namely, as long as there is the lowest permission, the text of the parent node will be highlighted.

    1. A child node has viewing permissions for Directory Permission, and the parent node also has corresponding viewing permissions.

    2. A child node has viewing permissions for Directory Permission, but the parent node does not have corresponding viewing permissions.

    Child Nodes Without Permissions

    If neither the child node nor the parent node has viewing permissions for Directory Permission, they will have no text highlighting effects.

    附件列表


    主题: System Management
    Previous
    Next
    • Helpful
    • Not helpful
    • Only read

    滑鼠選中內容,快速回饋問題

    滑鼠選中存在疑惑的內容,即可快速回饋問題,我們將會跟進處理。

    不再提示

    10s後關閉

    Get
    Help
    Online Support
    Professional technical support is provided to quickly help you solve problems.
    Online support is available from 9:00-12:00 and 13:30-17:30 on weekdays.
    Page Feedback
    You can provide suggestions and feedback for the current web page.
    Pre-Sales Consultation
    Business Consultation
    Business: international@fanruan.com
    Support: support@fanruan.com
    Page Feedback
    *Problem Type
    Cannot be empty
    Problem Description
    0/1000
    Cannot be empty

    Submitted successfully

    Network busy