反馈已提交

网络繁忙

You are viewing 5.1 help doc. More details are displayed in the latest help doc.

Synchronizing Users

  • Recent Updates: April 26, 2023
  • Overview

    Version

    FineBI Server Version

    Functional Change

    6.0

    /

    Application Scenarios

    Given that the numerous employees and constantly changing user information in a company caused by the mobility of personnel, it is burdensome to modify the information manually every time.

    The synchronizing user dataset function can achieve dynamic update of user information in the platform, leading to simultaneous changes of the user information in the database.

    Functions

    The admins can create a server dataset and set periodic synchronization of users from the dataset to keep user information up to date.

    Notes

    1. If you set user synchronization, do not cancel or adjust the synchronization data source without careful consideration. This is because the data related to the relationship between role and user will not be soft-deleted and cannot be recovered.

    2. For details about the notes and error messages provided when synchronizing users, see Synchronizing/Importing User FAQ.

    Preparing User Data for Synchronizing

    The user data for synchronizing comes from the server dataset, which supports hierarchical and non-hierarchical user department structures.

    You can choose one based on your user structure.

    Non-Hierarchical Structures Between Departments and Positions-SQL Datasets

    This example uses the user information table without hierarchical structures between departments and positions.

    Preparing a User Information Table

    Prepare a user information table, and its structures are shown in the following figure:

    Click to download:

    User Information.xlsx

    Note:

    1. When you import users, the username, name, and password are required contents, and other information can be left blank.

    2. Support binding users' mobile phone numbers from Mainland China, Taiwan (China), Hong Kong (China), Turkey, South Korea, Japan, Singapore, and Malaysia.

    For mobile phone numbers in mainland China, you can choose whether or not to include the area code, while other regions' need to include.

    Creating a Server Dataset

    Use third-party tools such as Navicat to import the above table into the database, and establish a data connection between the system and the database.

    Take the FRDemo database as an example.

    The admin logs into FineBI, and clicks Manage > Data Connection > Server Dataset to create a SQL Dataset.

    Set Synchronize Users1 as Dataset Name, select FRDemo as Data from data connection, and enter the SQL sentence:

    SELECT * FROM User_Information

    Non-Hierarchical Structures Between Departments and Positions-File Datasets

    This example uses the user information table without hierarchical structures between departments and positions. The departments of users to be synchronized are all listed under All Departments in parallel.

    Preparing a User Information Table

    Prepare a user information table, and its structures are shown in the following figure:

    Click to download:

    User Information.xlsx

    Note:

    1. When you import users, the username, name, and password are required contents, and other information can be left blank.

    2. Support binding users' mobile phone numbers from Mainland China, Taiwan (China), Hong Kong (China), Turkey, South Korea, Japan, Singapore, and Malaysia.

    For mobile phone numbers in mainland China, you can choose whether or not to include the area code, while other regions' need to include.

    3. You can also use TXT/XML files.

    Creating a Server Dataset

    Save the table locally or upload it to the reportlets folder in the directory %BI_HOME%\webapps\webroot\WEB-INF.

    The admin logs into FineBI, and clicks Manage > Data Connection > Server Dataset to create a File Dataset.

    Set Synchronize Users-File as Dataset Name, and select the prepared table.

    Note:

    1. If you select Server File, choose the file in the reportlets folder in the directory %BI_HOME%\webapps\webroot\WEB-INF.

    If you select Local File and upload the file, it will be automatically saved to the excel folder in the directory %BI_HOME%\webapps\webroot\WEB-INF\reportlets.

    2. You can also use TXT/XML/remote URL files, which support dataset parameters.

    Non-Hierarchical Structures Between Departments and Positions-File Datasets

    This example uses the user information table with hierarchical structures between departments and positions.

    Preparing a User Information Table

    Prepare a user information table, and its structures are shown in the following figure:

    Click to download:

    Hierarchical Structures.xls

    Note:

    1. When you synchronize user datasets, if the server dataset is a tree dataset, the parent organization of the top-level institution should be Null (rather than a blank value). For example, the fid field for Anna shown in the figure below is empty.

    2. It is also possible to generate a tree dataset and synchronize users without any users in a department. For example, the headquarters only has subordinate departments without direct positions or users.

    3. Support binding mobile phone numbers from Mainland China, Taiwan (China), Hong Kong (China), Turkey, South Korea, Japan, Singapore, and Malaysia.

    For mobile phone numbers in mainland China, you can choose whether or not to include the area code, while other regions' need to include.

    Creating a SQL Dataset

    Use third-party tools such as Navicat to import the above table into the database, and establish a data connection between the system and the database.

    Take the FRDemo database as an example.

    The admin logs into FineBI, and clicks Manage > Data Connection > Server Dataset to create a SQL Dataset.

    Set Synchronize Users2 as Dataset Name.

    Select FRDemo as Data from data connection, and enter the SQL sentence:

    SELECT * FROM Hierarchical_Structures

    Creating a Tree Dataset

    The admin logs into FineBI, and clicks Manage > Data Connection > Server Dataset to create a Tree Dataset.

    Set Synchronize Users-Hierarchical Structures as Dataset Name.

    Select Synchronize Users2 as Built from Dataset, did as Original Identity Field, and fid as Parent Identity Field.

    Note: Synchronizing user tree datasets only allows building trees based on the parent field of the selected dataset, and does not allow building trees based on the length of the identity filed of the selected dataset.

    Update Settings for the First Synchronizing Users

    Note:

    1. This section introduces the data update rules for performing Synchronize Users for the first time or executing the first Synchronize Users operation when user synchronization is not enabled.

    If users have been synchronized before, there will be no prompt pop-up window in the case of executing non-first synchronization operations when the user synchronizations is enabled, and the synchronization will not be performed according to the update rules in this section.

    2. The synchronized users can coexist with manually added/imported users.

    The admin logs into FineBI, goes to Manage > User > All Users, and clicks Synchronize Users.

    A pop-up window will prompt: Keep the existing data unsynchronized or not, including imported/added users, departments, positions, roles?

    The update logic for different selections is as follows:

    Selection

    Introduction

    Reserved

    If an existing user is not in the synchronized server dataset, the user information and   permissions will be preserved without modification.

    If an existing user is in the server dataset (with the same username):

    • The user's username will not change, and the permissions will be preserved.

    • The user's name, password, phone number, and email will be updated.

    • If the user's current department, position, or role exists in the synchronized

      server dataset, they will be updated.

    • If the user's current department, position, or role does not exist in the

      synchronized server dataset, they will be preserved without modification.

    Clear

    Delete all the platform information for manually added/imported users, including their   username, name, password, phone number, email, department, position, role, and 

    permissions, and the users need to be resynchronized.

    Note:

    1. According to the update logic for selection, some user information will be updated after the initial synchronization.

    2. Only users who have been changed to the synchronized type can be automatically updated in the future.

    3. For subsequent synchronizations, the dataset cannot overwrite or update built-in data, otherwise it will result in conflicts and report error messages.

    Configuration of Synchronizing Users

    Configure information of the synchronized dataset.

    Sync Frequency

    There are two modes of synchronizing frequency: Fixed Interval and Expression Setting.

    Note: Synchronizing the user dataset does not affect data updates in the data preparation area, and data updates will not affect the progress of user dataset synchronization.

    Fixed Interval

    Automatically synchronize user data from the server dataset at intervals, with a default value of 43,200 seconds.

    You can set the frequency for synchronizing users, and multiple synchronizations can be automatically performed when the set frequency is reached. It continuously synchronizes the changing data from the server dataset to the platform.

    Note: The synchronization frequency should not be too high, otherwise it will cause the backend logs to constantly refresh, leading to an infinite expansion of log volume.

    Expression Setting

    Allow setting the execution time of a task through a cron expression, and the task can be triggered at different combinations of time points such as repeating every day, repeating every other day, or executing only once.

    Editable

    The Editable button is unticked by default. When ticked, user information can be edited in synchronous state.

    You can edit your name, password, phone number, and email. The Forget my password function is available. For existing users, the above fields will no longer be updated during automatic or manual synchronization.

    The specific introduction is shown in the following table:

    Note:

    1. Password Policy Setting can take effect on synchronized users.

    2. If you use the Forget my password function when unticking Editable, a prompt will pop up when you change the password: Your password cannot be changed. Please contact the administrator.

    User Role

    Description

    Super admin

    1. When you synchronize again, the name, password, phone number, and email fields of existing users on the platform will no longer be updated.

    2. The name, phone number, email, and password of existing users on the platform 

    can be edited, but the role cannot be edited.

    3. Allow editing the name, password, phone number, and email in Account Setting.

    4. Allow going to Manage > System > Login to use the Forget my password 

    function.

    Subordinate admin

    1. The name, phone number, email, and password of users with permissions can be 

    edited, but the role cannot be edited.

    2.Allow going to Manage > System > Login to use the Forget my password 

    function.

    3. Allow editing the name, password, phone number, and email in Account Setting.

    Ordinary user

    1. Synchronized users can edit the name, password, phone number, and email in 

    Account Setting.

    2. Allow going to Manage > System > Login to use the Forget my password 

    function.

    Source of User

    Select the source of the user information.

    Server Dataset

    The source of synchronized users can be the current server dataset being synchronized. It does not support simultaneous synchronization from multiple server datasets. When you switch the server dataset, the previously synchronized information is cleared.

    After successful synchronization, the department, position, and role information of synchronized users can only be modified in the server dataset.

    Duplicate Verification Field of Users

    There are two verification ways: User ID and Username.

    Note: The default way is User ID.

    1. Storage Location of User Information

    Note: User information is saved in the tables of FineDB database.

    Field

    Table

    User ID, Username

    fine_user

    Job ID, Position Name

    fine_post

    Department ID, Dept. Name

    fine_department

    Role ID, Role Name

    fine_custom_role

    2. Description

    Duplicate Verification Field

    Logic

    Scenario

    Note

    User ID

    Department ID

    Job ID

    Role ID

    Select ID, and both ID and 

    name fields 

    will be 

    synchronized. The value of 

    the ID field in the corresponding table is 

    the ID in the 

    server dataset when synchronizing users.

    If the username 

    corresponding to a 

    certain ID in the 

    dataset is modified, 

    the username in the platform will also be modified 

    accordingly, and the permissions will be   inherited. 

    The same applies to the department, 

    position, and role.

    In non-tree datasets, if you select ID as 

    the duplicate verification field, the ID and name of a position need to be a unique one-to-one relationship that is not 

    repeated. It is not allowed for one ID to 

    correspond to multiple names or for one name to correspond to multiple IDs. 

    The same applies to the user, 

    department, and role.

    In tree datasets, the name and ID of 

    users, positions, and roles need to form a unique one-to-one relationship that is not repeated.

    Note: Job ID is not visible on the 

    front-end. Therefore, only Position 

    Name is used to differentiate and 

    configure permissions. If there are two   positions with the same name and 

    different IDs under the same 

    department, it will be impossible to differentiate and configure permissions. Therefore, it is required that both the ID and name need to have a unique one-to-one relationship. Otherwise, the 

    synchronization will fail directly.

    Username

    Dept. Name

    Position Name

    Role Name

    Select ID, and the name field will be sunchronized. The 

    ID field in the corresponding table will be 

    randomly 

    generated by the system.

    If the username of a user in the dataset is modified, the one in 

    the platform will also be modified 

    accordingly. 

    The corresponding User ID will be 

    randomly generated by the system. 

    The user with new 

    username will lose 

    the previous permissions configured 

    separately. 

    The same applies to departments, 

    positions, and roles, which will lose the 

    permissions 

    inherited from their 

    departments, 

    positions and roles.

    If you select Position Name as the 

    duplicate verification field, the positions with the same name but different IDs in 

    the data source will be treated as one 

    position. For example, if there are two   different positions with the name 

    Finance in the same department, they 

    will be displayed as one position and the users under them will be merged 

    together.

    If the two Finance positions belong to 

    different departments, they will still be 

    treated as one position. However, 

    because of different relationships 

    between the department and position, 

    the users under them will not be merged together. 

    The same applies to the user, 

    department, and role.

    Name of Fields

    Username, Name, Password, Dept. Name, Position Name, Role Name, Mobile, and Mailbox are the field names in the corresponding server dataset.

    Note:

    1. Email address can include symbols # and &.

    2. Allow configuring departments without configuring positions.

    Encryption Methods

    There are two encryption methods: Built-in SHA Encryption and Custom Password Encryption.

    1. Built-in SHA Encryption

    • Application scenarios: Select Built-in SHA Encryption when the password in the synchronized server dataset is in plaintext.

    • Encryption introduction: FineBI uses SHA256 encryption to ensure password security. When a user customizes and modifies their password through the interface, it will be automatically encrypted using SHA256.

    • Login password: The login password is the password in the above downloaded User Information table, and not the encrypted password in the fine_user table.

    2. Custom Password Encryption

    • Application scenarios: Custom Password Encryption needs to be used when the password in the synchronized server dataset is a custom encrypted ciphertext.

    • Encryption introduction: Customize a password encryption class.

      The encryption method is described in the class and saved in the classes folder in the directory %BI_Home%\webapps\webroot\WEB-INF.

      FineBI will perform a second SHA256 encryption based on the user's custom encryption algorithm to ensure password security.

    • Login password: The plaintext obtained after decrypting the ciphertext in the server dataset

    Note:

    1. Custom encryption algorithms need to inherit the AbstractPasswordValidator class.

    2. After you tick Editable, set an encryption method and save it, when changing the encryption method again, the ciphertext in FineDB cannot be updated and users will be unable to log in.

    3. After you modify the encryption method for synchronized users, there is no need to restart the project, the changes will take effect immediately.

    User Disabled Status

    This setting allows admins to manage user status by synchronizing user data.

    It is an optional field.

    If you need to use this setting, add a new field in the data source in the section “Preparing User Data for Synchronizing” with a value of 0/1.

    • 0: Disable users.

    • 1: Enable users.

    1. If this setting is not configured, enabling or disabling synchronized users can be manually configured in the platform.

    2. If this setting is configured, enabling or disabling synchronized users is entirely dependent on the data source. Not supporting manual configuration in the platform.

    Note: Users that are manually added can still be enabled or disabled in the platform without being affected by this setting.

    Synchronized User Management

    After synchronizing, three new drop-down options will be added to the Synchronized User Management button.

    Sync Now

    Click Sync Now to immediately synchronize the user dataset.

    Edit

    In the Synchronize Users dialog box, allow modifying the configuration of the synchronized user dataset.

    • Switch user sources carefully, as this will result in previously synchronized users and their departments, positions, roles, permissions, etc. being cleared. When you switch the user source dataset for synchronizing, click OK and a pop-up window will prompt: After the dataset is switched, the original synchronized data will be cleared, including users and their departments, positions, roles, permissions, etc. Confirm to switch the dataset?


    • If Editable is disabled, the admin can Disable Users, but cannot Edit and Delete users.

    • If Editable is enabled, the admin can Edit and Disable Users, but cannot Delete users.

    Note: For details about disabling, editing and deleting users, see Adding Users.

    Clear Sync Data

    Clicking Clear sync data can cancel synchronized users.

    Clearing the synchronization data will delete all synchronized users, departments, positions, roles, and related permissions. FineBI will no longer continue perform synchronization, restoring to an unsynchronized status.

    Abnormal Data Interrupting Synchronization

    If there is a problem with the data source, such as a malicious clearing of tables in a database, synchronized users in the system will be cleared, and the operation cannot be reversed.

    Therefore, FineBI added Abnormal data interrupts sync to stop synchronization.

    The admin can enable Abnormal data interrupts sync, and set The number of users decreased by X% to stop synchronization. X is a positive integer between 1 and 100.

    For example, if there are originally 100 synchronized users in the system (excluding manually added/imported users), and it is set to 30%, then synchronization will be stopped if 30 (100*30%) or more users are reduced during synchronization.

    If the synchronization fails, it will prompt:

    "The number of sync users will be reduced by {}% ({}), reaching the set interruption value {}% Please check whether the data source data is normal, or temporarily disable "Abnormal data interrupt sync" function"

    Next Synchronization Time

    The system will remind admins of the next automatic synchronization time based on Sync Frequency set in the Synchronization Frequency section.

    Synchronization Failure Reminders

    When you synchronize users, errors may occur due to conflicts, resulting in partial or complete failure to synchronize user, department, position, and role data, which can lead to outdated permissions.

    In the above situations, it is necessary to notify the corresponding admins timely. Therefore, FineBI provides the Sync failure reminder function.

    Configuration Methods

    The admin logs into FineBI, clicks Manage > User > Global Setting to set the receiver of synchronization failure reminders, and clicks Save.

    Note:

    1. Click Enable SMS Function to configure the SMS settings.

    2. Click Enable Email to configure the email settings.

    Demonstration

    After the first manual or automatic synchronization failure, the system will send an SMS, email or platform reminder to the admin. It will continue to send reminders until the next successful synchronization. After that, if there is another synchronization failure, reminders will be sent again.

    Note:

    If there are multiple consecutive synchronization failures, the reminder message will only be sent for the first failure.

    The reminder monitoring status will be reset only when there is a successful synchronization, the system is restarted, or the synchronized users are enabled.

    After that, if there is another synchronization failure, reminders will be sent again.

    SMS

    Platform

    Email

    Attachment List


    Theme: Admin Guide
    Already the First
    Already the Last
    • Helpful
    • Not helpful
    • Only read

    售前咨询电话

    400-811-8890转1

    在线技术支持

    在线QQ:800049425

    热线电话:400-811-8890转2

    总裁办24H投诉

    热线电话:173-1278-1526

    文 档反 馈

    鼠标选中内容,快速反馈问题

    鼠标选中存在疑惑的内容,即可快速反馈问题,我们将会跟进处理。

    不再提示

    10s后关闭