I. Overview
1. Version
Designer |
---|
10.0.19 |
2. Application scenario
FineReport authorization permission configuration. Incomplete authorization is disabled by default. This article describes several scenarios for preventing incomplete authorization.
II. Authorize role/user/non-tree department
1. Personnel management authorization
Assign the Personnel Management permission to role, user, and non-tree department.
If the permission granted to its parent department, the permission granted to its subdepartment cannot be cancelled. The message "Cannot be inverted, it needs to be consistent with the parent node of the parent resource" is displayed.
2. Directory authorization
a) User group dimensionAssign Directory permission to role, user, and non-tree department.
If the permission of the parent directory is granted, the permission of the subdirectory cannot be cancelled. The message "Cannot be inverted, it needs to be consistent with the parent node of the parent resource" is displayed.
b) Resource dimensionAssign parent directory permission to role, user, and non-tree department.
In this case, the blue lock that the subdirectory grants permissions to role, user, and non-tree department is not grayed out, but the permission cannot be revoked. The message "Cannot be inverted, it needs to be consistent with the parent node of the parent resource"" is displayed.
3. Manage authorization
Assign permission to role, user, and non-tree department by choosing Manage > User.
If the User node is assigned, the child node of User cannot be cancelled. The system displays the message "Cannot be inverted, it needs to be consistent with the parent node of the parent resource"
4. Role permission authentication authorization
If Role Permission Authentication is enabled (For details,see Role Permission Authentication), assign template permission to role, user, and non-tree department.
If you grant permission to the parent folder of the template, you cannot cancel the granted permission to the child template or folder of the template. The message "Cannot be inverted, it needs to be consistent with the parent node of the parent resource" is displayed.
III. Tree department authorization
1. Personnel management authorization
Assign Personnel Management permission to departments in the tree structure.
If the parent department is assigned the permission:
1) Cannot cancel the permission to configure subdepartments for the parent department, and the message "Cannot be inverted, it needs to be consistent with the parent node of the parent resource" is displayed.
2) Cannot cancel the authorization permission configured for the subdepartment, and the message "Cannot be inverted, it needs to be consistent with the parent node of the parent resource" is displayed.
2. Directory authorization
a) User group dimensionAssign Directory permission to departments in the tree structure.
If the parent department is assigned the permission:
1) Cannot cancel the permission to configure subdepartments for the parent department, and the message "Cannot be inverted, it needs to be consistent with the parent node of the parent resource" is displayed.
2) Cannot cancel the authorization permission configured for the subdepartment, and the message "Cannot be inverted, it needs to be consistent with the parent node of the parent resource" is displayed.
b) Resource dimensionGrant permission for the parent directory to the parent department.
In this case, the blue lock that the subdirectory grants permissions to parent departments and subdepartments is not grayed out, but these permissions cannot be cancelled. The message "Cannot be inverted, it needs to be consistent with the parent node of the parent resource" is displayed.
3. Manage authorization
Choose Manage > User to assign authorization permission to departments in the tree structure.
If the User node is assigned to the parent department
1) The child nodes of User cannot be assigned to the parent department, and the message "Cannot be inverted, it needs to be consistent with the parent node of the parent resource" is displayed.
2) The child nodes ofUser cannot be assigned to the subdepartment, and the message "Cannot be inverted, it needs to be consistent with the parent node of the parent resource" is displayed.
4. Role permission authorization
If Role Permission Authentication is enabled (For details,see Role Permission Authentication), assign permission to templates for departments in the tree structure.
To assign permission to the parent department for the parent folder of a template:
1) Cannot cancel the permission to configure subtemplates or subfolders for the parent department, and the message "Cannot be inverted, it needs to be consistent with the parent node of the parent resource" is displayed.
2) Cannot cancel the permission to configure subtemplates or subfolders for subdepartments, and the message "Cannot be inverted, it needs to be consistent with the parent node of the parent resource" is displayed.
IV. Mixed authorization
1. Personnel management authorization
Configure the denial permission for the sub-department of Personnel Management for the user (Just click the lock, then click Konw it, then click the clock again).
When you assign authorization permission to the parent department, a pop-up message is displayed stating "The following are historical authorization disabled records. Because you have configured authorization disabled on the parent resource, these authorization disabled records interrupt the authorization operations for the following users. Please handle them in time."
In this case, you can view the user's permission on the subdepartment again. The permission is still disabled and does not change due to the change of department, position, or role permission.
2. Directory authorization
Configure the permission to deny permission for subdirectories in Directory.
When you configure authorization permission for the User node for the department/position/role to which the user belongs, a pop-up message is displayed stating "The following are historical authorization disabled records. Because you have configured authorization disabled on the parent resource, these authorization disabled records interrupt the authorization operations for the following users. Please handle them in time."
In this case, the user's permission on the subdirectory is still disabled and does not change due to the change of department, position, or role permission.
3. Manage authorization
Configure the permission to deny permission for the Manage > User to manage the child node.
When you configure authorization permission for the User node for the department/position/role to which the user belongs, a pop-up message is displayed stating "The following are historical authorization disabled records. Because you have configured authorization disabled on the parent resource, these authorization disabled records interrupt the authorization operations for the following users. Please handle them in time."
In this case, you can view the permission of the child node of User again. The permission is still disabled and does not change due to the change of department, position, or role permission.
4. Role permission authorization
If Role Permission Authentication is enabled (For details,see Role Permission Authentication), configure the permission to deny permission for subtemplates or subfolders.
When you configure authorization permission for the Directory node for the department/position/role to which the user belongs, a pop-up message is displayed stating "The following are historical authorization disabled records. Because you have configured authorization disabled on the parent resource, these authorization disabled records interrupt the authorization operations for the following users. Please handle them in time."
In this case, you can view the permissions of the user on the subtemplates and subfolders again. The permissions are still disabled, and the permissions of the department, position, or role are not changed.