Permission- FineBI Document

Last update： 2023-10-26

Overview

Version

FineBI Version	Functional Change
6.0	/

Application Scenarios

Multiple departments share the same system where each department has its own admin who assigns permissions to the department's employees, thus enabling hierarchical assignment of admins.

Subsidiary admins can only manage template permissions within their own scope of responsibilities.

Functions

The admin can log into FineBI and click System Management > Permission Management to set all permissions of the system on this page.

Permission Carrier

Note:

You need to complete the configuration of User before assigning permissions.

Permission carrier: the object that obtains permissions, including departments, roles, and users

Permission Carrier	Application Scenario
Department	When the departmental structure is clear and well-defined, it is the best choice to use departments as the permission carrier.
Role	A collection of people with the same identity (not the departmental structure) in different departments For example, Peter belongs to the Internal Services department while Marks the Marketing department, but they are both shareholders who do not belong to any position within the departmental structure.
Position	Industries such as retail and banking have businesses in many cities with identical departments and positions in each city. It is burdensome for admins to configure permissions one by one when assigning them to the same positions in different departments. In this case, it is suitable to use positions as a dimension to assign permissions in batches.
User	Some users may need to temporarily view a certain template. Leaders who may hold multiple positions have permissions to view some templates, but their departments and roles do not have such permissions. Sometimes, to assign dashboard permissions to specific individuals, a new role must be created for them. In this case, permissions can be assigned individually to certain special personnel (users), without the limitations of departmental positions or roles.

Quick Configuration of Permissions

The admin can assign permissions for Dept. and Role in Permission Quick Configuration.

Final Permissions of Users

The admin can assign permissions for individual user in User's Final Permission.

Permission Entity

Permission entity: the assigned permission item, including Directory Permission, Personnel Management, System Management, Data Authorization, and Share Authorization.

In FineBI, Directory Permission, Data Authorization, and Share Authorization are enabled by default.

The super admin can log into FineBI, choose System Management > Permission Management > to enable other permission settings, and click Save.

Note:

The Global Setting button is not available in the subordinate admin's permission management interface.

Permission Type

Permission type: the types of permissions assigned to subordinate admins, including view, export, use, edit, manage, authorize

Common Permission Configuration

The admin can configure viewing, exporting, using, editing, and managing permissions in Common Permission Configuration.

Configuring Authorization Permissions

In FineBI, Authorization Configuration is disabled by default.

The super admin needs to enable Hierarchical Authorization before configuring authorization permissions.

After enabling Hierarchical Authorization, you can Authorize permissions for the subordinate admins.

The descriptions for each type of permission are shown in the following table:

Permission Type	Description
Directory Permission
View	View the specified directory.
Data of Components	View the data of components in dashboards in the directory.
Export	Export the data of the dashboards mounted on the directory.
Edit	Edit the platform directory.
Authorize	Assign the directory-related permissions to subordinate users.
Personnel Management
Manage	Add, delete, or change some departments. Delete or change some roles. Add roles and departments for some users.
Authorize	Assign Personnel Management permissions to the subordinate users.
System Management
System Management	Permission to use relevant functions in System Management
Data Connection
Use	Permission to use a specific data connection Subordinate admins can log into FineBI and go to System Management > Data Connection > Data Connection Management > Data Connection to add data.
Manage	Permission to manage a specific data connection Subordinate admins can log into FineBI and go to System Management > Data Connection > Data Connection Management to perform operations such as copying, renaming, modifying, and deleting the data connection.
Authorize	Permission to authorize a specific data connection Subordinate admins can log into FineBI and go to System Management > Permission Management > Data Connection to assign corresponding permissions of the data connection to the manageable users.
Task Schedule
Manage	Permission to manage the assigned scheduled task and use the scheduled task node Subordinate admins can log into FineBI and go to System Management > Task Schedule to perform operations such as editing, copying, viewing, deleting, and creating scheduled tasks.
Authorize	Permission to authorize the assigned scheduled task and scheduled task node, and to use the permission management node Subordinate admins can log into FineBI and go to System Management > Permission Management to assign the management permission of the scheduled task to other recipients.
Data Authorization
Component Data	View the data of components in the dashboard that uses Public Data in Directory.
Use	View the data of tables in Public Data, and use the data of tables in My Analysis.
Data Management	Edit, add and delete tables in Public Data.
File Management	Edit, add and delete folders in Public Data.
Data Publishing	Publish tables in My Analysis to Public Data.
Authorize	The admin can authorize users, so that they can assign permissions of Public Data to other users.
Rows and Columns of Data	FineBI provides methods to set row and column permissions for public data tables. Row permissions: Users are limited in using specified rows in the dataset by adding analysis, filtering, and other conditions. Column permissions: Users are limited in using specified columns in the dataset by ticking the corresponding boxes.
Share Authorization
Sharing the Public Link of Dashboards	After creating a dashboard, users can share it to people who do not have a FineBI account or install FineBI on their PC to view.
Sharing the Dashboards to Directory	Users can click Share to directory in the FineBI's Dashboard interface to share the dashboard to specific departments, roles, or users.
Resource Collaboration	FineBI supports collaboration, allowing folders or analysis subjects to be collaborated with other design users.

Viewing Dimension

The admin can set permissions according to different dimensions: User group dimension and Resource Dimension.

User Group Dimension

FineBI defaults to User group dimension for permission configuration.

When configuring permissions, the admin selects the permission carrier on the left, and then configures the corresponding permission entity for it on the right.

When assigning permissions, the admin needs to note the following:

If a subordinate admin wants to assign the Use permission for a dashboard or platform management to others, the user needs to have the Authorize permission for that dashboard or platform management.
If multiple admins assign permissions for the same role, the later configuration will overwrite and update the earlier one.
When subordinate admins delete a directory, all templates mounted below it will also be deleted, including those without permissions.
If subordinate admins want to edit users within a role (add/delete), the admin need to assign them the User node's using permission.

Resource Dimension

The admin can click Switch to use Resource Dimension for permission configuration.

In Resource Dimension, allow assigning permission carrier for only Directory and Data Authorization, not for other permission entities.

When configuring permissions, the admin selects Directory Permission on the left, and then assigns it to the targeted departments, roles, and users on the right.

Permission Logic

Because an employee may have multiple departments, positions, or roles and there are hierarchic structures among departments, you need to follow relevant permission logic when assigning permissions.

Logic	Introduction
User First	For the same permission entity, user permissions have a higher priority than department or role permissions. If there are user permissions, they will take precedence.
Permission Union	When a user belongs to multiple permission carriers (departments/roles/positions) that have been configured permissions, the user will inherit all permissions.
Parent Nodes Overriding Child Nodes	For hierarchical structures: If permissions are assigned to a child node, and then to a parent node, in the current and lower dimensions, the parent node will override the child node's permissions. For example, if editing permission is assigned to Template One in Directory One, and viewing permission is assigned to the parent node, then Template One has both editing and viewing permission while other child nodes have viewing permissions. If permissions are revoked from a child node, and then a parent node, in the current and higher dimensions, the parent node will override the child node's permissions. For example, if editing permission is assigned to Directory One, viewing permission is revoked from the child node, and then editing permission is revoked from the parent node, then the child node has no permissions.
Child Nodes not Affecting Parent Nodes	For hierarchical structures, if permissions are first assigned to a parent node and then different permissions are assigned to a child node, permissions for both the parent and child nodes take effect independently without affecting each other.

Half-Selected Status in Permission Configuration

To view directory permission configurations in the data decision-making system, when a directory is collapsed, admins cannot confirm whether the child nodes have permissions.

Admins can determine the permission configuration by checking whether the text on the left side of the directory permission configuration is highlighted.

The application limits on text half-selected highlight:

For User group dimension: applying to the four types of permissions on the right side of Permission: Directory Permission, Personnel Management, System Management, and Data Authorization.
For Resource Dimension: not applying

This section uses setting Directory permissions as an example.

Child Nodes with Permissions

If a child node has viewing permissions for Directory Permission, regardless of whether the parent node has viewing permissions, the text of the child node and its parent node will both be highlighted. Namely, as long as there is the lowest permission, the text of the parent node will be highlighted.

1. A child node has viewing permissions for Directory Permission, and the parent node also has corresponding viewing permissions.

2. A child node has viewing permissions for Directory Permission, but the parent node does not have corresponding viewing permissions.

Child Nodes Without Permissions

If neither the child node nor the parent node has viewing permissions for Directory Permission, they will have no text highlighting effects.

Helpful
Not helpful
Only read

中文（简体）中文（繁體）日本語

English

Permission