Overview
Version
FineBI Version | Functional Change |
6.0 | / |
Application Scenarios
The super admin can assign personnel management permissions to department, role and personnel. And the authorized user will become a sub-admin.
The sub-admin can add, delete, and modify some departments.
The sub-admin can delete and modify some roles.
The sub-admin can add some roles and departments for some users.
Example
This article will demonstrate how to assign management permission for sales department users to the sales director of the sales department, which allows the director to manage the employees on Manage > User interface.
Enabling Hierarchical Authorization
The admin logs into FineBI. Click Manage > Permission > Global Setting, enable Hierarchical Authorization, and click Save.
Personnel Management Permission Configuration
Click Manage > Permission > General permission configuration, and select department, role or personnel for authorization.
For example, select Sales director in Sales department. Click Personnel Management and enable Sales department to configure permission for the sales director.
Management Configuration
Click Manage > Permission > General permission configuration, and select department, role or personnel for authorization.
For example, select Sales director in Sales department. Click Manage and enable User.
Note: There is an association between User permission and its sub-module permission.
Module | Note | ||
User
| / | If User is not enabled and only the sub-module permission is enabled, the sub-admin will not have access to User tab under Manage, and will not be able to perform any operations in User. | |
Add role | If Add role is not enabled while User is enabled, it will not be possible to add roles. | ||
Add Department | If Add Department is not enabled while User is enabled, it will not be possible to add departments. | ||
Edit user | If Edit user is not enabled while User is enabled, then regardless of whether Reset user password, Edit user basic info (name, phone, email), and Edit the position and role of the user's department are enabled or not, the sub-admin will not have access to Edit user under Manage > User > All Users after logging in, and will not be able to perform any editing operations for users. | ||
Reset user password | Reset user password is related to Reset PWD operation in Edit User interface in Manage > User > All Users. | ||
Edit user basic info(name, phone, email) | Edit user basic info(name, phone, email) is related to the modification of name, phone number, and email in Edit User interface in Manage > User > All Users. | ||
Edit the position and role of the user's department | Edit the position and role of the user's department is related to relative operations in three scenarios: 1. Edit User interface in Manage > User > All Users. 2. Edit positions in Manage > User > Department. 3. Edit roles in Manage > User > Role. | ||
Delete user | Delete user is related to the delete button in Manage > User > All Users. | ||
Delete role | Delete role is related to the operation to delete roles in Manage > User > Role. | ||
Disable user | Disable user is related to the disable button in Manage > User > All Users. | ||
Preview
Sales director Pia logs into FineBI and clicks Manage > User to manage users, departments, and roles within the permission.
Introduction to Sub-admin's Permission
Sub-admins have the permission to manage the following three types of users:
Users: users under authorized departments, users under authorized roles, and users added by the sub-admins unassigned to other unauthorized departments or roles by the super admin.
Departments: authorized departments, including their subordinate departments and positions.
Roles: authorized roles and roles added by the sub-admins that have not had their usage permissions revoked by the super admin.
If all permissions for User are enabled, the sub-admins can perform the following user management operations:
Global Setting
Sub-admins have no access to Global Setting in User.
All Users
Sub-admins are allowed to manually add or import users, but user synchronization is not supported. When adding new users, sub-admins can assign authorized non-synchronized departments, authorized non-synchronized roles, and self-added roles to them.
In terms of authorized users, sub-admins can edit their information, disable their permissions and delete them.
Authorized User Types | Enable Edit User or Not | Edit Information | Disable Users | Delete Users |
Manually added or imported users | / | Support modifying the name, phone number, email, and resetting the password of the user. Support modifying the user's department, position, or role. | Support | Support |
Synchronized users | Enable | Support modifying the name, phone number, email, and resetting the password of the user. Support modifying the user's non-synchronized department, position, or role. | Support | Not support |
Disable | Support modifying the user's non-synchronized department, position, or role. |
Department
Not support any operations on synchronized department and positions.
Support renaming and deleting authorized non-synchronized departments.
Support adding, deleting, and editing subordinate departments and non-synchronized positions under authorized non-synchronized departments.
Support adding, deleting, and editing users under authorized non-synchronized departments and non-synchronized positions.
Role
Not support any operations on synchronized roles.
Support adding non-synchronized roles, deleting and editing authorized non-synchronized roles.
Support adding, deleting, and editing authorized non-synchronized users, and self-added users whose permission have not been revoked by the super admin
Platform User
Not support enabling or disabling User Restriction.
If User Restriction is disabled, sub-admins cannot perform any operations.
If User Restriction is enabled, sub-admins can configure the permission of user classification for authorized users.
