Overview
Version
FineBI Version | Functional Change |
6.0 | / |
Application Scenarios
Multiple departments share the same system where each department has its own admin who assigns permissions to the department's employees, thus enabling hierarchical assignment of admins.
Subsidiary admins can only manage template permissions within their own scope of responsibilities.
Functions
The admin can log into FineBI and click System Management > Permission Management to set all permissions of the system on this page.
Permission Carrier
Note:Permission carrier: the object that obtains permissions, including departments, roles, and users
Permission Carrier | Application Scenario |
Department | When the departmental structure is clear and well-defined, it is the best choice to use departments as the permission carrier. |
Role | A collection of people with the same identity (not the departmental structure) in different departments For example, Peter belongs to the Internal Services department while Marks the Marketing department, but they are both shareholders who do not belong to any position within the departmental structure. |
Position | Industries such as retail and banking have businesses in many cities with identical departments and positions in each city. It is burdensome for admins to configure permissions one by one when assigning them to the same positions in different departments. In this case, it is suitable to use positions as a dimension to assign permissions in batches. |
User |
In this case, permissions can be assigned individually to certain special personnel (users), without the limitations of departmental positions or roles. |
Quick Configuration of Permissions
The admin can assign permissions for Dept. and Role in Permission Quick Configuration.
Final Permissions of Users
The admin can assign permissions for individual user in User's Final Permission.
Permission Entity
Permission entity: the assigned permission item, including Directory Permission, Personnel Management, System Management, Data Authorization, and Share Authorization.
In FineBI, Directory Permission, Data Authorization, and Share Authorization are enabled by default.
The super admin can log into FineBI, choose System Management > Permission Management > to enable other permission settings, and click Save.
Note:
Permission Type
Permission type: the types of permissions assigned to subordinate admins, including view, export, use, edit, manage, authorize
Common Permission Configuration
The admin can configure viewing, exporting, using, editing, and managing permissions in Common Permission Configuration.
Configuring Authorization Permissions
In FineBI, Authorization Configuration is disabled by default.
The super admin needs to enable Hierarchical Authorization before configuring authorization permissions.
After enabling Hierarchical Authorization, you can Authorize permissions for the subordinate admins.
The descriptions for each type of permission are shown in the following table:
Permission Type | Description |
Directory Permission | |
View | View the specified directory. |
Data of Components | View the data of components in dashboards in the directory. |
Export | Export the data of the dashboards mounted on the directory. |
Edit | Edit the platform directory. |
Authorize | Assign the directory-related permissions to subordinate users. |
Personnel Management | |
Manage | Add, delete, or change some departments. Delete or change some roles. Add roles and departments for some users. |
Authorize | Assign Personnel Management permissions to the subordinate users. |
System Management | |
System Management | Permission to use relevant functions in System Management |
Data Connection | |
Use | Permission to use a specific data connection Subordinate admins can log into FineBI and go to System Management > Data Connection > Data Connection Management > Data Connection to add data. |
Manage | Permission to manage a specific data connection Subordinate admins can log into FineBI and go to System Management > Data Connection > Data Connection Management to perform operations such as copying, renaming, modifying, and deleting the data connection. |
Authorize | Permission to authorize a specific data connection Subordinate admins can log into FineBI and go to System Management > Permission Management > Data Connection to assign corresponding permissions of the data connection to the manageable users. |
Task Schedule | |
Manage | Permission to manage the assigned scheduled task and use the scheduled task node Subordinate admins can log into FineBI and go to System Management > Task Schedule to perform operations such as editing, copying, viewing, deleting, and creating scheduled tasks. |
Authorize | Permission to authorize the assigned scheduled task and scheduled task node, and to use the permission management node Subordinate admins can log into FineBI and go to System Management > Permission Management to assign the management permission of the scheduled task to other recipients. |
Data Authorization | |
Component Data | View the data of components in the dashboard that uses Public Data in Directory. |
Use | View the data of tables in Public Data, and use the data of tables in My Analysis. |
Data Management | Edit, add and delete tables in Public Data. |
File Management | Edit, add and delete folders in Public Data. |
Data Publishing | Publish tables in My Analysis to Public Data. |
Authorize | The admin can authorize users, so that they can assign permissions of Public Data to other users. |
Rows and Columns of Data | FineBI provides methods to set row and column permissions for public data tables.
|
Share Authorization | |
Sharing the Public Link of Dashboards | After creating a dashboard, users can share it to people who do not have a FineBI account or install FineBI on their PC to view. |
Sharing the Dashboards to Directory | Users can click Share to directory in the FineBI's Dashboard interface to share the dashboard to specific departments, roles, or users. |
Resource Collaboration | FineBI supports collaboration, allowing folders or analysis subjects to be collaborated with other design users. |
Viewing Dimension
The admin can set permissions according to different dimensions: User group dimension and Resource Dimension.
User Group Dimension
FineBI defaults to User group dimension for permission configuration.
When configuring permissions, the admin selects the permission carrier on the left, and then configures the corresponding permission entity for it on the right.
When assigning permissions, the admin needs to note the following:
If a subordinate admin wants to assign the Use permission for a dashboard or platform management to others, the user needs to have the Authorize permission for that dashboard or platform management.
If multiple admins assign permissions for the same role, the later configuration will overwrite and update the earlier one.
When subordinate admins delete a directory, all templates mounted below it will also be deleted, including those without permissions.
If subordinate admins want to edit users within a role (add/delete), the admin need to assign them the User node's using permission.
Resource Dimension
The admin can click Switch to use Resource Dimension for permission configuration.
In Resource Dimension, allow assigning permission carrier for only Directory and Data Authorization, not for other permission entities.
When configuring permissions, the admin selects Directory Permission on the left, and then assigns it to the targeted departments, roles, and users on the right.
Permission Logic
Because an employee may have multiple departments, positions, or roles and there are hierarchic structures among departments, you need to follow relevant permission logic when assigning permissions.
Logic | Introduction |
User First | For the same permission entity, user permissions have a higher priority than department or role permissions. If there are user permissions, they will take precedence. |
Permission Union | When a user belongs to multiple permission carriers (departments/roles/positions) that have been configured permissions, the user will inherit all permissions. |
Parent Nodes Overriding Child Nodes | For hierarchical structures:
|
Child Nodes not Affecting Parent Nodes | For hierarchical structures, if permissions are first assigned to a parent node and then different permissions are assigned to a child node, permissions for both the parent and child nodes take effect independently without affecting each other. |
Half-Selected Status in Permission Configuration
To view directory permission configurations in the data decision-making system, when a directory is collapsed, admins cannot confirm whether the child nodes have permissions.
Admins can determine the permission configuration by checking whether the text on the left side of the directory permission configuration is highlighted.
The application limits on text half-selected highlight:
For User group dimension: applying to the four types of permissions on the right side of Permission: Directory Permission, Personnel Management, System Management, and Data Authorization.
For Resource Dimension: not applying
This section uses setting Directory permissions as an example.
Child Nodes with Permissions
If a child node has viewing permissions for Directory Permission, regardless of whether the parent node has viewing permissions, the text of the child node and its parent node will both be highlighted. Namely, as long as there is the lowest permission, the text of the parent node will be highlighted.
1. A child node has viewing permissions for Directory Permission, and the parent node also has corresponding viewing permissions.
2. A child node has viewing permissions for Directory Permission, but the parent node does not have corresponding viewing permissions.
Child Nodes Without Permissions
If neither the child node nor the parent node has viewing permissions for Directory Permission, they will have no text highlighting effects.
