Overview
Version
| Report Server Version | Functional Changes |
|---|---|
| 11.0 | / |
| 11.0.6 | Added Resource Migration function for secondary administrators |
| 11.0.13 | Added management of secondary administrator's permission for platform log |
Functions
The data decision-making system allowss adding multiple sub-administrators to assist the supervisor in system management/user management.
Example
Example of this chapter: Assign the Use permissions of the management system modules System and Intelligent Operation to the secondary manager eoco, so that eoco can perform System and Intelligent Operation on the system on the Manage page.
Enabling Hierarchical Permissions
The administrator logs in to the data decision-making system, clicks Manage > Permission > Global Settings, activates the Hierarchical Authorization button, and clicks Save.
Note: To assign manage authority, Leveled Authorization button must be enabled.
Permission to Use the Configuration Management System
The admin logs in to the data decision system, clicks Manage > Permission > General permission configuration, and selects the rights carrier Dept./Role/User. In this example, the user eoco is selected.
Select the Manage tab, and configure the Use permissions of the modules System and Intelligent Operation for eoco.
Effect Preview
User eoco logs in to the data decision system, clicks Manage, and can use System and Intelligent Operation.
Secondary Administrator Permission Scope
In order to ensure the security of the system, even if the secondary manager has the right to use the management system, some operations are still not supported. The details are shown in the following table:
| Object | JAR package before 2019-12-05 | JAR package after 2019-12-05 |
|---|---|---|
| Directory | Display the directory with edit permission, including the home page; Support to add, delete and edit the directory | Display the directory with edit permission, including the home page Support to add, delete and edit the directory Note: Edit the template scope of directory filtering (see Section III.2 for details) |
| Personnel management | Display departments, roles and users with authorization (including users without ownership) Users can add, delete and edit in asynchronous dataset Departments can add, delete and edit in asynchronous dataset All jobs can be viewed, added or deleted in asynchronous dataset Supporting interdepartmental mobility in asynchronous datasets Support role adding, deleting and editing Support to disable users Support platform users to edit, but you can't move yourself out of platform users | Display departments, roles and users with authorization (including users without ownership) Users can add, delete and edit in asynchronous dataset Departments can add, delete and edit in asynchronous dataset All jobs can be viewed, added or deleted in asynchronous dataset Supporting interdepartmental mobility in asynchronous datasets Support role adding, deleting and editing Support to disable users Support platform users to edit, but you can't move yourself out of platform users Note: 1. Secondary administrator is not allowed to set global configuration of user management. 2. Secondary administrator can not see the synchronization user button. 3. Job deletion is not supported in asynchronous datasets. |
Permission | Support permission configuration and quick configuration within permission range | Support permission configuration and quick configuration within permission range Note:Secondary management is not allowed to set global configuration of permission management. |
| Appearance | The first level directory node with view permission can be seen in the directory icon configuration | Note: The directory icon configuration shows the full directory. |
| System | ALL | ALL |
| Task Schedule | Add, delete, run and other management of scheduled tasks Operation monitoring | Add, delete, run and other management of scheduled tasks Operation monitoring Note: 1. Secondary management is not allowed to set global configuration of task schedule. 2. Task schedule template selection scope (see section III.3). |
| Mobile | ALL | ALL |
| Registration | ALL | ALL |
| Intelligent operations | ALL | Note: The secondary administrator is not allowed to set the global settings of cluster configuration, platform log, backup and restore. |
| data connection | Support the edit and delete of data connection within the scope of authority Support new data connection Other | Support the edit and delete of data connection within the scope of authority Support new data connection Other |
| Plugins management | ALL | ALL |
| Safety management | ALL | ALL |
| Template authorization | Secondary administrator can not see the template authentication node | Note: 1. Secondary administrator can only view the nodes that need to be authenticated with only the permission of view and data entry. 2. Secondary administrator is not allowed to set the global configuration of template authentication . 3. Template certification template scope (see Section III.1). |
| Map configuration | ALL | ALL |
Other plug-in extension nodes | ALL | ALL |
Note:
1. Jar package is the designer on January 15, 2020 and later. The secondary administrator can't manually add or import users in synchronization status.
2. Jar package is the designer on March 26, 2020 and later. When the secondary administrator clears the user list, he will not delete himself. He/she can not operate the Restricted User switch of Platform User.
Secondary Administrator Template Scope
If template authentication is not enabled, all templates in the system can be used by the secondary pipe.
If template authentication is enabled, only some templates can be used by the secondary manager.
Template Authentication
| Template Authentication Mode | Scope of templates available for use/search | Example |
|---|---|---|
| Turn off | Secondary administrator can visit all the template |
|
| Authentication user password | ||
| Digital signature | ||
| Role permission | The secondary administrator can use the template that needs to be authenticated with permission to view or data entry Note: The ssecondary administrator only needs to have any permission of view or data entry to perform two kinds of authorized operations of view and data entry. | |
Directory Management
| Template Authentication Mode | Scope of Templates Available for Use/Search | Example |
|---|---|---|
| Turn off | Secondary administrator can visit all the template |
|
| Authentication user password | ||
| Digital signature | ||
| Role permission | Secondary administrator can use the template with view and data entry permission | |
Task Schedule
| Template Authentication Mode | Scope of templates available for use/search | Example |
|---|---|---|
Turn off | Secondary administrator can visit all the template | |
| Authentication user password | ||
| Digital signature | ||
| Role permission | Secondary administrator can use the template with view and data entry permission; Secondary administrator can use template without authentication | Only shows the template demo we authentic in III.1 |
