

Hierarchical Authorization

  • Last update:  2020-12-31
  • You will learn
    • Permissions Quick Configuration

    • Global Settings

    • Hierarchical Authorization

    Authorization Quick Configuration

    With the Permissions Quick Configuration feature, you can quickly check the current status of Directory Permissions and assign them to permission receptors (dept., role and user). This is the same as assigning Directory Permissions to a dept., role or user on the Permission Configuration page.

    I. User Interface

    1. Permission page

    Log in to the Decision-making System as an administrator and click Manage -> Permission -> Permission Quick Configuration, as shown below.


    2. What's on Page

    On this page, you can find Directory Permissions on the left and permission receptors on the right.


    II. Example

    We'll be using an example to show how to do quick configurations for permissions.

    1. Select and Assign Directory Permissions

    Select the Report directory and assign its View permission to Human resources. For the Sales department, assign View, Edit and Authorize permissions.


    2. Go Back to Permission Configuration and Check up

    1) The directory permissions of Human resources are as follows, where you can see that the View permission of Report has been assigned.


    2) The directory permissions of Sales department are shown below, where View, Edit and Authorize permissions of Report have been assigned.


    3. Impact on Users

    1) Lisa (ID: Lisa, PWD: 123456) from Sales department can access all templates.


    2) If a dept./role/user has the Authorize permission of a directory, the View permission of Permission page must be assigned as well. The reason is that users need to do permission assignments inside the Permission page; an administrator account is able to assign View, Edit and Authorize permissions of Permission page to Lisa.


    3) The Authorize permission requires Personnel Management permissions as well, so you'll need to assign them in Personnel Management (Authorize under All Departments and All Roles) to Lisa with an administrator account.


    4) Log in with Lisa's account again. Now she is able to assign View, Edit and Authorize permissions of Report to any department, role or user.


    Global Settings

    Permission refers to the security rules or security policies set within the system, aimed at limiting users to their authorized resources in a proper way.

    In FineReport Decision-making Platform, the Permission feature is composed of two aspects, namely, the permission item and the receptor.

    1) Permission Item

    The permission item refers to the permission itself that gets assigned. Items in FineReport Decision-making Platform include User Management, Directory Management, System Management, Data Connection and Task Schedule.

    2) Permission Receptor

    The permission receptor refers to the actual assignee who gets the permission item. Receptors in FineReport Decision-making Platform include Department, Role and User.

    For more information on Directory Management, please refer to Personnel Authorization, Directory Authorization, System Management Authorization, Data Connection Authorization and Task Schedule Authorization.

    I. User Interface

    1. Permission Page

    Log in to the Decision-making System as an administrator, click Manage -> Permission and go to the Permission interface as shown below:


    2. What's on Page

    The right side of the page is divided into 3 sections, namely, the toolbar on top, Permission Receptors at the bottom left and Permission Items at the bottom right. These sections are introduced separately below.


    II. Toolbar

    1. Global Setting

    1) Click on the Global Setting button to open the setting page, where you can specify the status of Hierarchical Authorization.



    2) Authorize permission can be assigned to receptors once Hierarchical Authorization is enabled. 



    3) The Edit permission of directories can be assigned to receptors once Directory Edit is enabled.



    4) Use, Manage as well as Authorize permissions of data connections can be assigned to receptors once Data Connection is enabled.



    2. Permission Configuration

    In Permission Configuration page, you are able to assign Personnel Management, Directory Permissions, Manage System, Task Schedule and Data Connection permissions to various receptors.


    3. Permissions Quick Configuration

    Various permissions of Directory can be assigned to receptors on this page. 


    III. Permission Receptor

    Permission receptors include departments, roles and users. Once the permission receptors are selected, more information will appear on the lower left side of this page.


    1. User Filter

    Select users from a specific Dept. and assign permissions using the user filter feature. For example, the steps to filter users from Technical Support are as below:


    2. Permission Reuse

    Users may encounter the following scenarios when configuring permissions.

    • Permissions for multiple roles are quite similar with only a few differences. It's ideal for users to set permissions by batch action, without the need of setting it individually for each role.

    • For newly added roles, it would be great if users are able to reuse the permissions set for an existing role and get things fine-tuned, which helps to avoid repetitive configuration and reduce the workload.

    • The Permission Reuse feature:

      • Allows users to reuse the configurations of permissions previously set for specified departments/positions in newly added or existing departments/positions.

      • Allows users to reuse the configurations of permissions previously set for specified roles in newly added or existing roles.

    • To reuse Manage permissions, please enable Hierarchical Authorization; otherwise, only Directory Permissions are available for reuse. Please refer to the instructions on enabling Hierarchical Authorization.

    • Permissions that have been reused can still be adjusted and saved in Manage -> Permission.

    1) The following example shows how to reuse Directory Permissions between Depts. Assign the View and Authorize permissions of Data Entry to Financial department. Meanwhile, assign the View permission of Chart to Technical support.


    2) Click the Permission Reuse button as shown below:


    3) Select Directory Permissions. Choose Dept. in Reuse Source. Check Technical support and click Next. Then, check the Financial department in Reuse Target, click OK, and the Directory Permissions will be reused in Financial department, as shown below:


    Note: once reused, the permissions of the current Dept. positions will be replaced by those in Reuse Source.

    4) The Directory Permissions tab of Financial department is now displayed as follows:


    IV. Permission Item

    Permission items include Personnel Management, Directory Permissions, Manage System, Task Schedule and Data Connection, which will be covered in the following sections separately.


    V. Permission Configuration (Partially Selected)

    When checking the configuration of Directory Permissions in the Decision-making System, an administrator is unable to confirm the permission status of a child node with the directory collapsed. Checking whether the texts in Directory Permissions are highlighted or not is helpful to understand the permission configuration status.

    The partially selected highlight applies to all 4 types of permissions in Permission Configuration, which are Personnel Management, Directory Permissions, Manage System, Task Schedule and Data Connection. However, it doesn't apply to Permissions Quick Configuration. Take Directory Permissions as an example.

    1. Child Node with Permission

    If a child node is vested with the View permission of a directory, the node and its parent node will be highlighted whether the parent node has the View permission or not.

    That is, a parent node will be highlighted even with minimum permission, as shown below:



    2. Child Node without Permission

    If a child node and its parent node don't have the View permission of a directory, no highlight will be displayed as seen below:


    Hierarchical Authorization

    1) When multiple departments share the same system and each has its own administrators, having those administrators assign permissions to their members is what we call "Multi-layer Administrator Assignment". Administrators on a certain level can only handle the assignment of template permissions within their responsibilities.

    2) System administrators can turn on Hierarchical Authorization in the Permission page, assign the Authorize permission to lower-level administrator roles and configure the assignees available. As a result, lower-level administrators are able to assign permissions within their power to other roles.

    I. Enable Hierarchical Authorization

    1. Go to Permission Configuration

    Log in to the Decision-making System as an administrator, then click Manage -> Permission and you'll see the page below if Hierarchical Authorization is not enabled.


    2. Global Setting

    1) Click on the Global Setting button and turn on Hierarchical Authorization, then click Save.


    Note: Edit Directory, Task Schedule and Data Connection permissions can be enabled here as well.

    2) The Permission page is now shown as below. The Authorize option is now displayed in Directory Permissions. The Personnel Management, Manage and Task Schedule tabs show up as well.


    II. Introduction

    Administrators should keep some important things in mind when assigning permissions.

    • If the Authorize permission needs to be assigned to positions or roles, the first thing to do is to turn on Hierarchical Authorization;

    • The lower-level administrators are required to have Authorize permission of certain reports as well as the platform management, before assigning use permissions of those reports and platform management features.

    • A certain role must have the Authorize permission and View permission of Permission at the same time. This is because permission assignment actions need to be conducted inside the Permission page;

    • Users that the lower level administrator has access to are those assigned by system administrators, under their permitted departments and roles, as well as those who don't belong to a department or have a certain role. The structure of the department will be displayed too;

    • If multiple administrators assigned permissions to the same role, the latest configuration will be incrementally updated on the basis of the previous ones;

    • All templates, including those that lower-level administrators don't have access to, will be deleted when removing the report directory.

    • A lower-level administrator can't edit (add/remove) users of a certain role before View permission of User is assigned.
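
    The prerequisites listed above can be checked mechanically when auditing which receptors are actually able to delegate. The following Python model is an added example, not FineReport code: the Receptor class, both functions and the sample data are hypothetical and encode only the rules stated on this page.

```python
from dataclasses import dataclass, field

@dataclass
class Receptor:
    """A permission receptor (dept., role or user) and what it has been assigned."""
    name: str
    directory: dict = field(default_factory=dict)  # directory -> set of permissions
    manage: dict = field(default_factory=dict)     # Manage tab item -> set of permissions
    personnel: set = field(default_factory=set)    # receptors it holds Authorize over

def delegation_gaps(admin, hierarchical_on, directory, target):
    """List the prerequisites `admin` still lacks to assign `directory` permissions to `target`."""
    gaps = []
    if not hierarchical_on:
        gaps.append("Hierarchical Authorization is off in Global Setting")
    if "Authorize" not in admin.directory.get(directory, set()):
        gaps.append(f"no Authorize permission on directory {directory!r}")
    if "View" not in admin.manage.get("Permission", set()):
        gaps.append("no View permission on the Permission page")
    if target not in admin.personnel:
        gaps.append(f"no Personnel Management Authorize over {target!r}")
    return gaps

def effective_delegations(receptors, hierarchical_on):
    """Enumerate (admin, directory, target) triples where delegation would actually work."""
    found = []
    for r in receptors:
        for d in sorted(r.directory):
            for t in sorted(r.personnel):
                if not delegation_gaps(r, hierarchical_on, d, t):
                    found.append((r.name, d, t))
    return found

# Constructed sample data mirroring the page's examples (assumption, not exported config).
LEADERSHIP = Receptor(
    "Leadership department",
    directory={"Report": {"View", "Authorize"}},
    manage={"User": {"View"}, "Permission": {"View"}},
    personnel={"Human resources"},
)
# Sales as it stands right after Quick Configuration, before the extra grants to Lisa.
SALES = Receptor("Sales department", directory={"Report": {"View", "Edit", "Authorize"}})

if __name__ == "__main__":
    for admin in (LEADERSHIP, SALES):
        gaps = delegation_gaps(admin, True, "Report", "Human resources")
        print(admin.name, "->", gaps or "can delegate")
    print(effective_delegations([LEADERSHIP, SALES], True))
```

    Running the enumeration over every receptor gives a reviewable list of who can pass Report permissions on and to whom, and the gap list explains why an Authorize grant such as the Sales one has no effect yet.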

    III. Example

    Permission items are divided into 3 categories, which are Dept., Role and User, based on the permission receptors.

    Let's take a look at the example concerning Dept.

    1. Personnel Management

    Click Manage -> Permission, go to the tab of Dept., select Leadership department, and assign it the Personnel Management permissions of Human resources. This way, users within Leadership department will have Authorize permission over Human resources, as shown below:


    2. Directory Permissions

    Go to tab Directory Permissions and assign View and Authorize permissions of directory "Report" to Leadership department:


    3. Manage

    Go to tab Manage and assign View permission of User and Permission to Leadership department:


    4. View Results

    1) When Tom (ID: Tom, pwd: 123456) from Leadership department logs in to the Decision-making System, he will see the Directory page as below:


    Note: the reason why a blank homepage is displayed here is that View permission of Home page didn't get assigned to Leadership department.

    2) Tom can perform Personnel Management duties on users from the human resources department:


    3) In Personnel Management, Tom can assign Authorize permission of the human resources department to the same department or subordinate positions, as shown below:


    4) Tom can assign View and Authorize permissions of directory "Report" to Human resources, as shown below:


    5) Because system administrators only assigned View permissions of User and Permission to Leadership department, Tom can't assign these permissions to other users, as follows:


    Note: system administrators need to assign Authorize permission of User and Permission to Leadership department back in section IV.3., in order to make it possible for a user from this department to assign permissions of User and Permission to other users.

    6) Tom can assign View and Authorize permissions of directory "Report" to Human resources in Permission Quick Configuration.

