Overview
Version
| FineBI Version | JAR Package | Authorization Export Plugin | Functional Change |
|---|---|---|---|
5.1 | 2020/04/03 | V 2.0 | Supported the function of exporting permission-related Excel files. |
5.1.7 | / | V 3.0 | Supported the function of automatically generating permission-related server datasets. |
5.1.13 | / | V 3.1 | Changed the field VIEWABLE in the user-module table into USABLE. |
5.1.17 | / | V 3.2 | Supported the function of exporting User permission to BI data. |
Application Scenarios
Many enterprises attach great important to permission and need to conduct periodic user access reviews to ensure that the right personnel have needed access permissions and nothing more.
Because of personnel and admin changes, it is inconvenient for new admins to know and organize specific situations of previous permissions.
Functions
By installing the Authorization Export plugin, you can finish permission auditing quickly.
The Authorization Export plugin can automatically organize users' information and permission details which can be exported as Excel files with one click.
The Authorization Export plugin can automatically generate permission-related server datasets and allows setting parameters. You can directly call a dataset for permission preview or task schedule.
Note:When URL is integrated with the permission management interface, the Authorization Export plugin is unavailable.
Introduction
Installing the Plugin
Click to download:com.fr.plugin.management.export.v11-3.3.2.zip
For details, see Plugin Management.
Permission Export
Log into the decision-making platform as a super admin, choose Manage > Permission, and click the Authorization Export tab.
For permission tables and table fields that support export, see section "Supported Tables".
Note:
Click to export. A notification will be pushed on the platform whether the export is successful or not. After successful export, you can download the file.
Note:
Permission Dataset
FineBI server version 5.1.7 or later with the Authorization Export plugin version 2.0.1 or later support this function.
After the plugin is installed, choose Manage > Data Connection > Server Dataset, and permission-related server datasets are automatically generated.
You can add database tables and call related datasets for permission preview or task schedule during the data preparation phase.
Some datasets can be configured with parameters. For details about table structures and field definitions, see section "Supported Tables".
Supported Tables
The tables supported in Authorization Export and permission auditing are as follows.
Permission Table | Table Definition | Permission Export | Permission Dataset | Parameter in Permission Dataset |
user_info | Users' information | Support | Support | Not support parameters. Use full data. |
user_module | Users' permission of the platform management module | Support | Support | Not support parameters. Use full data. |
user_entry | Users' permission of Directory | Support | Support | Support parameters. Username can be passed. |
user_template | Users' permission of a single dashboard | Support | Support | Support parameters. Username can be passed. |
user_connection | Users' permission of Data Connection | Support | Support | Not support parameters. Use full data. |
user_package | Users' permission of FineBI data | Support | Support | Support parameters. Username can be passed. |
role_entry | Roles' permission of Directory | Not support | Support | Supports parameters. Role can be passed. |
role_template | Roles' permission to a single dashboard | Not support | Support | Supports parameters. Role can be passed. |
role_package | Roles' permission of FineBI data | Not support | Support | Supports parameters. Role can be passed. |
dep_role_entry | Departments' permission of Directory | Not support | Support | Supports parameters. Department path can be passed. |
dep_role_template | Departments' permission of a single dashboard | Not support | Support | Supports parameters. Department path can be passed. |
dep_role_package | Departments' permission of FineBI data | Not support | Support | Supports parameters. Department path can be passed. |
Note:Parameter values can be set to empty, a single value, or multiple values:
1. Parameter as empty: No need to enter. Query full data.
2. Parameter as a single value: Enter technical support. The queried parameter value is the permission of technical support.
3. Parameter as multiple values: Enter technical support|sales department (The string | is needed.) The queried parameter value is the permission of technical support or sales department.
user_info
Note:Field | Definition | Note |
USERID | User ID | / |
USERNAME | Username | / |
REALNAME | Name | / |
CREATIONTYPE | Creation type: Manual creation Synchronous creation | / |
LASTOPERATIONTYPE | Last operation type: Manual Synchronous | / |
DEPT_POST | Department and position
| If a user has multiple departments and positions, they are displayed together and separated by |, such as development-manager|technical support-manager
|
ROLE | Role Example: common role | If a user has multiple roles, they are displayed together and separated by |, such as common role 1|management team.
|
MOBILE | Telephone number | / |
Mailbox | / | |
ENABLE | Users' status: Enable Disable | / |
user_entry
Users' viewing, editing, and authorizing permissions of Directory
Note:1. Homepage's permissions cannot be exported.
2. If a user has no viewing, editing, or authorizing permissions of a certain directory, no authorization record of the directory will be generated for the user.
Field | Definition |
USERID | User ID |
USERNAME | Username |
REALNAME | Name |
ENTRY | Location of directories in Manage > Directory > Directory List Example: Management cockpit/company comprehensive operation cockpit |
TEMPLATE_URL | Storage path of dashboards in FineBI Dashboard: 1/management cockpit/company comprehensive operation cockpit Link: https://www.google.com/ Report tag: my report task |
VIEWABLE | User's viewing permission of Directory Yes: with the viewing permission No: without the viewing permission |
EXPORTABLE | User's exporting permission of Directory Yes: with the exporting permission No: without the exporting permission |
EDITABLE | User's editing permission of Directory Yes: with editing permission No: without editing permission |
AURHORABLE | User's authorizing permission of Directory Yes: with the authorizing permission No: without the authorizing permission |
user_template
Users' viewing and exporting permissions to a dashboard in FineBI after Role Permission Authentication is enabled.
Note:1. If Template Authentication is disabled, the exported content of user_template will be empty.
2. If a user has no viewing and editing permissions of a certain dashboard, no authorization record of the dashboard will be generated for the user.
Field | Definition |
USERID | User ID |
USERNAME | Username |
REALNAME | Name |
TEMPLATE | Storage path (such as 1/Management cockpit/Company comprehensive operation cockpit) of dashboards in FineBI |
VIEWABLE | User's viewing permission of dashboards Yes: with the viewing permission No: without the viewing permission |
WRITABLE | User's reporting permission of dashboards If the user do not have reporting permissions of dashboards in FineBI, the field value of WRITABLE will be no. |
EXPORTABLE | User's exporting permission of dashboards Yes: with the exporting permission No: without the exporting permission |
user_connection
Users' using, managing, and authorizing permissions of Data Connection after Data Connection Control is enabled.
Note:1. If the admin has not enabled Data Connection Control, the exported content of user_connection will be empty.
2. If a user has no using, managing, or authorizing permissions of Data Connection, no permission record of the data connection will be generated for the user.
Field | Definition |
USERID | User ID |
USERNAME | Username |
REALNAME | Name |
CONNECTION | Name of data connection in FineBI |
USABLE | Users' using permission of Data Connection Yes: with the using permission No: without the using permission |
EDITABLE | Users' managing permission of Data Connection Yes: with the managing permission No: without the managing permission |
AURHORABLE | Users' authorizing permission of Data Connection Yes: with the authorizing permission No: without the authorizing permission |
user_module
Uses' viewing and authorizing permissions to the platform management module after Hierarchical Permission Management is enabled
Note:1. If the admin has not enabled Data Connection Control, the exported content of user_module will be empty.
2. If a user has no using and authorizing permissions to a certain platform management module, no permission record of the platform management module will be generated for the user.
Field | Definition |
USERID | User ID |
USERNAME | Username |
REALNAME | Name |
MODULE | Management module indecision-making platform Example: User |
USABLE | User's permission of the platform management module Yes: with the using permission No: without the using permission |
AURHORABLE | User's permission of the platform management module Yes: with the authorizing permission No: without the authorizing permission |
user_package
Users' using, managing, and authorizing permissions of groups/business packages/FineBI data tables
Note:1. If a user has no using, managing, and authorizing permissions of a certain group/business package/data table, no permission record of the group/business package/data table will be generated for the user.
2. Users have no managing permission of a single data table.
Field | Definition |
USERID | User ID |
USERNAME | Username |
REALNAME | Name |
PACKAGE | Location of groups/business packages/FineBI data tables Example: My Analysis/Business Theme/Sales Management |
ENGINE | Type of data tables Spider: extract data Direct: real-time data |
| WIDGET_DATA | Component data permission yes: with the component data permission no: without the component data permission |
USABLE | Users' using permission of groups/business packages/FineBI data tables Yes: with the using permission No: without the using permission |
EDITABLE | Users' managing permission of groups/business packages/FineBI data tables Yes: with the editing permission No: without the editing permission |
AURHORABLE | Users' authorizing permission of groups/business packages/FineBI data tables Yes: with the authorizing permission No: without the authorizing permission |
role_entry
Roles' viewing, editing, exporting, and authorizing permissions of Directory
Note:1. Homepage's permissions cannot be exported.
2. If a role has no viewing, editing, exporting, and authorizing permissions of a certain directory, no permission record of the directory will be generated for the role.
Field | Definition |
ROLEID | Role ID |
ROLE | Role |
ENTRY | Location of directories in Manage > Directory > Directory List Example: Management cockpit/company comprehensive operation cockpit |
TEMPLATE_URL | Storage path of dashboards in FineBI Dashboard: 1/management cockpit/company comprehensive operation cockpit Link: https://www.google.com/ Report tag: my report task |
VIEWABLE | Roles' viewing permission of Directory Yes: with the viewing permission No: without the viewing permission |
EXPORTABLE | Roles' exporting permission of Directory Yes: with the exporting permission No: without the exporting permission |
EDITABLE | Roles' editing permission of Directory Yes: with the editing permission No: without the editing permission |
AURHORABLE | Roles' authorizing permission of Directory Yes: with the authorizing permission No: without the authorizing permission |
role_template
Users' viewing and exporting permissions of dashboards in FineBI after Role Permission Authentication is enabled
Note:1. If Template Authentication is disabled, the exported content of role_template will be empty.
2. If a role has no viewing and exporting permissions of a certain dashboard, no permission record of the dashboard will be generated for the role.
Field | Definition |
ROLEID | Role ID |
ROLE | Role |
TEMPLATE | Storage path (such as 1/Management cockpit/Company comprehensive operation cockpit) of dashboards in FineBI |
VIEWABLE | Roles' viewing permission of dashboards yes: with the viewing permission no: without the viewing permission |
WRITABLE | Users' reporting permission of dashboards If the user do not have reporting permissions of dashboards in FineBI, the field value of WRITABLE will be no. |
EXPORTABLE | Roles' exporting permission of dashboards Yes: with the exporting permission No: without the exporting permission |
role_package
Roles' using, managing, and authorizing permissions of groups/business packages/FineBI data tables
Note:1. If a role has no using, managing, and authorizing permissions of a certain group/business package/data table, no permission record of the group/business package/data table will be generated for the role.
2. Roles have no managing permission of a single data table.
Field | Definition |
ROLEID | Role ID |
ROLE | Role |
PACKAGE | Location of groups/business packages/FineBI data tables Example: My Analysis/Business Theme/Sales Management |
ENGINE | Type of data tables Spider: extract data Direct: real-time data |
| WIDGET_DATA | Component data permission yes: with the component data permission no: without the component data permission |
USABLE | Roles' using permission of grouping/business package/BI data table Yes: with the using permission No: without the using permission |
EDITABLE | Users' managing permission of groups/business packages/FineBI data tables Yes: with the editing permission No: without the editing permission |
AURHORABLE | Roles' authorizing permission of groups/business packages/BI data tables Yes: with the authorizing permission No: without the authorizing permission |
dep_role_entry
Departments' viewing, editing, exporting, exporting, and authorizing permissions of Directory
Note:1. Homepage's permissions cannot be exported.
2. If a department has no viewing, editing, exporting, and authorizing permissions of a certain directory, no permission record of the directory will be generated for the department.
Field | Definition |
DEP | Department and position
|
ENTRY | The location of directories in Manage > Directory > Directory List Example: Management cockpit/company comprehensive operation cockpit |
TEMPLATE_URL | The storage path of dashboards in FineBI Dashboard: 1/management cockpit/company comprehensive operation cockpit Link: https://www.google.com/ Report tag: my report task |
VIEWABLE | Departments' viewing permission of Directory Yes: with the viewing permission No: without the viewing permission |
EXPORTABLE | Departments' exporting permission of Directory Yes: with the exporting permission No: without the exporting permission |
EDITABLE | Departments' editing permission of Directory Yes: with the editing permission No: without the editing permission |
AURHORABLE | Departments' authorizing permission of Directory Yes: with the authorizing permission No: without the authorizing permission |
dep_role_template
Departments' viewing and exporting permissions of dashboards in FineBI after Role Permission Authentication is enabled
Note:1. If Template Authentication is disabled, the exported content of dep_role_template will be empty.
2. If a department has no viewing and exporting permissions of a certain dashboard, no permission record of the dashboard will be generated for the department.
Field | Definition |
DEP | Department and position
|
TEMPLATE | Storage path (such as Demo/Analytics/Marketing/Tourism Analysis.frm) of dashboards in FineBI |
VIEWABLE | Departments' viewing permission of dashboards Yes: with the viewing permission No: without the viewing permission |
WRITABLE | Departments' reporting permission of dashboards If the user do not have reporting permissions of dashboards in FineBI, the field value of WRITABLE will be no. |
EXPORTABLE | Departments' exporting permission of dashboards Yes: with the exporting permission No: without the exporting permission |
dep_role_package
Departments' using, managing, and authorizing permissions of groups/business packages/FineBI data tables
Note:1. If a department has no using, managing, and authorizing permissions of a certain group/business package/data table, no permission record of the group/business package/data table will be generated for the department.
2. Departments have no managing permission of a single data table.
Field | Definition |
DEP | Department and position
|
PACKAGE | Location of groups/business packages/FineBI data tables Example: My Analysis/Business Theme/Sales Management
|
ENGINE | Type of data tables Spider: extract data Direct: real-time data |
USABLE | Departments' using permission of groups/business packages/BI data tables Yes: with the using permission No: without the using permission |
EDITABLE | Departments' managing permission of groups/business packages/FineBI data tables Yes: with the editing permission No: without the editing permission |
AURHORABLE | Departments' authorizing permission of groups/business packages/FineBI data tables Yes: with the authorizing permission No: without the authorizing permission |
