反馈已提交
网络繁忙
FineBI Version
Functional Change
6.0
/
Multiple departments share the same system where each department has its own admin who assigns permissions to the department's employees, thus enabling hierarchical assignment of admins.
Subsidiary admins can only manage template permissions within their own scope of responsibilities.
The admin can log into FineBI and click Manage > Permission to set all permissions of the system in this page.
Note: You need to complete the configuration of User before assigning permissions.
Permission carrier: the object that obtains permissions, including departments, roles, and users
Permission Carrier
Application Scenario
Department
When the departmental structure is clear and well-defined, it is the best choice to
use departments as the permission carrier.
Role
A collection of people with the same identity (not the departmental structure) in
different departments
For example, Peter belongs to the Internal Services department while Marks the
Marketing department, but they are both shareholders who do not belong to any
position within the departmental structure.
Position
Industries such as retail and banking have businesses in many cities with identical
departments and positions in each city.
It is burdensome for admins to configure permissions one by one when assigning
them to the same positions in different departments.
In this case, it is suitable to use positions as a dimension to assign permissions in
batches.
User
Some users may need to temporarily view a certain template.
Leaders who may hold multiple positions have permissions to view some
templates, but their departments and roles do not have such permissions.
Sometimes, to assign dashboard permissions to specific individuals, a new
role must be created for them.
In this case, permissions can be assigned individually to certain special personnel
(users), without the limitations of departmental positions or roles.
The admin can assign permissions for Dept. and Role in Permission Quick Configuration.
The admin can assign permissions for individual user in User final authority.
Permission entity: the assigned permission item, including Directory, Personnel Management, Manage, Data Connection, Task Schedule, Data Authorization and Share Authorization
In FineBI, Directory, Data Authorization and Share Authorization are enabled by default.
The super admin can log into FineBI, click Manage > Permission > Global Setting to enable other permission settings, and click Save.
Note: The Global Setting button is not available in the subordinate admin's permission management interface.
Permission type: the types of permissions assigned to subordinate admins, including view, export, use, edit, manage, authorize
The admin can configure viewing, exporting, using, editing and managing permissions in General permission configuration.
In FineBI, Authorization configuration are disabled by default.
The super admin needs to enable Hierarchical Authorization before configuring authorization permissions.
After enabling Hierarchical Authorization, you can Authorize permissions for the subordinate admins.
The descriptions for each type of permission are shown in the following table:
Permission Type
Description
Directory
View
View the specified directory.
Data of Components
View the data of components in dashboards in the directory.
Export
Export the data of the dashboards mounted on the directory.
Edit
Edit the platform directory.
Authorize
Assign the directory-related permissions to subordinate users.
Personnel Management
Manage
Add, delete, or change some departments.
Delete or change some roles.
Add roles and departments for some users.
Assign Personnel Management permissions to the subordinate users.
Permission to use relevant functions in Manage
Data Connection
Use
Permission to use a specific data connection
Subordinate admins can log into FineBI and go to Manage > Data
Connection > Data Connection Management > Data Connection to
add data.
Permission to manage a specific data connection
Connection > Data Connection Management to perform operations
such as copying, renaming, modifying, and deleting the data connection.
Permission to authorize a specific data connection
Subordinate admins can log into FineBI and go to Manage > Permission > Data Connection to assign corresponding permissions of the data
connection to the manageable users.
Task Schedule
Permission to manage the assigned scheduled task and use the
scheduled task node
Subordinate admins can log into FineBI and go to Manage > Task
Schedule to perform operations such as editing, copying, viewing,
deleting, and creating scheduled tasks.
Permission to authorize the assigned scheduled task and scheduled
task node, and to use the permission management node
Subordinate admins can log into FineBI and go to Manage > Permission to assign the management permission of the scheduled task to other
recipients.
Data Authorization
Component Data
View the data of components in the dashboard that uses Public Data in Directory.
View the data of tables in Public Data, and use the data of tables in My Analysis.
Data Management
Edit, add and delete tables in Public Data.
File Management
Edit, add and delete folders in Public Data.
Data Publishing
Publish tables in My Analysis to Public Data.
The admin can authorize users, so that they can assign permissions of
Public Data to other users.
Rows and Columns of Data
FineBI provides methods to set row and column permissions for public
data tables.
Row permissions: Users are limited in using specified rows in the
dataset by adding analysis, filtering, and other conditions.
Column permissions: Users are limited in using specified columns in
the dataset by ticking the corresponding boxes.
Share Authorization
Sharing the Public Link of
Dashboards
After creating a dashboard, users can share it to people who do not have a FineBI account or install FineBI on their PC to view.
Sharing the Dashboards to
Users can click Share to directory in the FineBI's Dashboard interface
to share the dashboard to specific departments, roles, or users.
Resource Collaboration
FineBI supports collaboration, allowing folders or analysis subjects to be collaborated with other design users.
The admin can set permissions according to different dimensions: User group dimension and Resource Dimension.
FineBI defaults to User group dimension for permission configuration.
When configuring permissions, the admin selects the permission carrier on the left, and then configures the corresponding permission entity for it on the right.
When assigning permissions, the admin needs to note the following:
If a subordinate admin wants to assign the Use permission for a dashboard or platform management to others, the user needs to have the Authorize permission for that dashboard or platform management.
If multiple admins assign permissions for the same role, the later configuration will overwrite and update the earlier one.
When subordinate admins delete a directory, all templates mounted below it will also be deleted, including those without permissions.
If subordinate admins want to edit users within a role (add/delete), the admin need to assign them the User node's using permission.
The admin can click Switch to use Resource Dimension for permission configuration.
In Resource Dimension, allow assigning permission carrier for only Directory and Data Authorization, not for other permission entities.
When configuring permissions, the admin selects Directory on the left, and then assigns it to the targeted departments, roles and users on the right.
Because an employee may have multiple departments, positions, or roles and there are hierarchic structures among departments, you need to follow relevant permission logic when assigning permissions.
Logic
Introduction
User First
For the same permission entity, user permissions have a higher priority than department
or role permissions. If there are user permissions, they will take precedence.
Permission Union
When a user belongs to multiple permission carriers (departments/roles/positions) that
have been configured permissions, the user will inherit all permissions.
Parent Nodes Overriding Child Nodes
For hierarchical structures:
If permissions are assigned to a child node, and then to a parent node, in the current and lower dimensions, the parent node will override the child node's
permissions. For example, if editing permission is assigned to Template One in
Directory One, and viewing permission is assigned to the parent node, then Template One has both editing and viewing permission while other child nodes have viewing
permissions.
If permissions are revoked from a child node, and then a parent node, in the current and higher dimensions, the parent node will override the child node's
permissions. For example, if editing permission is assigned to Directory One, viewing permission is revoked from the child node, and then editing permission is revoked
from the parent node, then the child node has no permissions.
Child Nodes not Affecting Parent Nodes
For hierarchical structures, if permissions are first assigned to a parent node and then
different permissions are assigned to a child node, permissions for both the parent and
child nodes take effect independently without affecting each other.
To view directory permission configurations in the data decision-making system, when a directory is collapsed, admins cannot confirm whether the child nodes have permissions.
Admins can determine the permission configuration by checking whether the text on the left side of the directory permission configuration is highlighted.
The application limits on text half-selected highlight:
For User group dimension: applying to the four types of permissions on the right side of Permission: Directory, Personnel Management, Manage and Data Authorization.
For Resource Dimension: not applying
This section uses setting Directory permissions as an example.
If a child node has viewing permissions for Directory, regardless of whether the parent node has viewing permissions, the text of the child node and its parent node will both be highlighted. Namely, as long as there is the lowest permission, the text of the parent node will be highlighted.
1. A child node has viewing permissions for Directory, and the parent node also has corresponding viewing permissions.
2. A child node has viewing permissions for Directory, but the parent node does not have corresponding viewing permissions.
If neither the child node nor the parent node has viewing permissions for Directory, they will have no text highlighting effects.
售前咨询电话
400-811-8890转1
在线技术支持
在线QQ:800049425
热线电话:400-811-8890转2
总裁办24H投诉
热线电话:173-1278-1526
文 档反 馈
鼠标选中内容,快速反馈问题
鼠标选中存在疑惑的内容,即可快速反馈问题,我们将会跟进处理。
不再提示
10s后关闭