Prohibition of Incomplete Authorization Permission

Version

Application Scenarios

FineBI prohibits incomplete authorization permission congifuration by default. This document introduces several scenarios of preventing incomplete authorization permission.

Authorization Permission of Personnel Management

Assign the authorization permission of Personnel Management to roles, users, or non-hierarchical departments.

The authorization permission of sub-departments cannot be revoked if the authorization permission of the parent department is assigned. In this case, a prompt pops up: Cannot be reverted, it needs to be consistent with the parent nodeof the parent resource.

Authorization Permission of Directory

User Group Dimension

Assign the authorization permission of Directory to roles, users, or non-hierarchical departments.

The authorization permission of sub-directories cannot be revoked if the authorization permission of the parent directory is assigned. In this case, a prompt pops up: Cannot be reverted, it needs to be consistent with the parent nodeof the parent resource.

Resource Dimension

Assign the authorization permission of a parent directory to roles, users, or non-hierarchical departments.

Although the icon  (used to assign permissions for roles, users, or non-hierarchical departments by sub-directories) has not grayed out, you cannot revoke the permission and a prompt pops up: Cannot be reverted, it needs to be consistent with the parent nodeof the parent resource.

Authorization Permission of System Management

Assign the authorization permission of User Management in System Management to roles, users, or non-hierarchical departments.

If the authorization permission is assigned to the User Management node, you cannot revok the authorization permission assigned to the sub-nodes of User Management. In this case, a prompt pops up: Cannot be reverted, it needs to be consistent with the parent nodeof the parent resource.

Authorization Permission of Role Permission Authentication

Assign the authorization permission of templates to roles, users, or non-hierarchical departments (enable Role Permission Authentication first).

If the authorization permission of the template parent folder is assigned, you cannot revoke the authorization permission of sub-templates or sub-folders. In this case, a prompt pops up: Cannot be reverted, it needs to be consistent with the parent nodeof the parent resource.

Authorization Permission of Personnel Management

Assign the authorization permission of Personnel Management to hierarchical departments.

If the authorization permission of a parent department is assigned to another parent department, you cannot revoke the authorization permission of a sub-department to a parent department and the authorization permission of a sub-department to another sub-department. In this case, a prompt pops up: Cannot be reverted, it needs to be consistent with the parent nodeof the parent resource. 

Authorization Permission of Directory 

User Group Dimension

Assign the authorization permission of Personnel Management to hierarchical departments.

If the authorization permission of a parent directory is assigned to a parent department, you cannot revoke the authorization permission of a sub-directory to a parent deparment and the authorization permission of a sub-directory to a sub-department. In this case, a prompt pops up: Cannot be reverted, it needs to be consistent with the parent nodeof the parent resource.

Resource Dimension

Assign the authorization permissions of a parent directory to a parent department.

Although the icon  (used to assign the authorization permission to a parent department and a sub-department) has not grayed out, you cannot revoke these permissions. A prompt pops up: Cannot be reverted, it needs to be consistent with the parent nodeof the parent resource.

Authorization Permission of System Management

Assign the authorization permission of User Management in System Management to tree-structure(hierarchical?) departments.

If you assign the authorization permission of the User Management node to a parent department, you cannot revoke the authorization permission of sub-nodes in User Management to the parent department and the authorization permission of sub-nodes in User Management to sub -departments. A prompt pops up: Cannot be reverted, it needs to be consistent with the parent nodeof the parent resource.

Authorization Permission of Role Permission Authentication

Assign the authorization permission of templates to tree-structure departments (enable Role Permission Authentiation first).

If the authorization permission of template parent folders is assigned to parent departments, you cannot revoke the authorization permission of sub-templates or sub-folders to parent departments and the authorization permission of sub-templates or sub-folders to sub-departments. In this case, a prompt pops up: Cannot be reverted, it needs to be consistent with the parent nodeof the parent resource.

Authorization Permission of Personnel Management

Assign the authorization permission of sub-departments in Personnel Management to a user and revoke the permission.

Then assign the authorization permission of parent departments to Dept., Position, or Role where the user is located. In this case, a prompt pops up: The following are records of historically disabled authorization. Because you have configured authorization disabled on the parent resource, these authorization disabled records interrupt the authorization operations for the following users. Please handle them in time.

Check the user's permissions for the sub-department again. You can find that the permission is still disabled and does not change with the permission changes in Dept., Position, or Role.

Authorization Permission of Directory

Assign the authorization permission of sub-directories in Directory to a user and revoke the permission.

Then assign the authorization permission of parent directories to Dept., Position, or Role where the user is located. In this case, a prompt pops up: The following are records of historically disabled authorization. Because you have configured authorization disabled on the parent resource, these authorization disabled records interrupt the authorization operations for the following users. Please handle them in time.

Check the user's permissions for the sub-directory again. You can find that the permission is still disabled and does not change with the permission changes in Dept., Position, or Role.

Authorization Permission of System Management

Assign the authorization permission of sub-nodes in User Management of System management to a user and revoke the permission.

Then assign the authorization permission of nodes in User Management to Dept., Position, or Role where the user is located. In this case, a prompt pops up: The following are records of historically disabled authorization. Because you have configured authorization disabled on the parent resource, these authorization disabled records interrupt the authorization operations for the following users. Please handle them in time.

Check the user's permissions for the sub-node again. You can find that the permission is still disabled and does not change with the permission changes in Dept., Position, or Role.

Authorization Permission of Role Permission Authentication

Assign the authorization permission of sub-templates or sub-folders to a user and revoke the permission (enable Role Permission Authentication first).

Then assign the authorization permission of template parent folders to Dept., Position, or Role where the user is located. In this case, a prompt pops up: The following are records of historically disabled authorization. Because you have configured authorization disabled on the parent resource, these authorization disabled records interrupt the authorization operations for the following users. Please handle them in time.

Check the user's permissions for the sub-template/sub-folders again. You can find that the permission is still disabled and does not change with the permission changes in Dept., Position, or Role.