Quick BI's custom role permission system enables secure and flexible management of organizational operations. It encompasses user and resource management, multi-level security compliance, and permission assignment based on job roles. This system allows for the creation of multiple roles, batch association of users to roles, and clear delineation of function boundaries. It provides customizable permission control for both organization-level and space-level roles, ensuring security within functional boundaries. This topic describes how to customize organization and space roles and add users to these roles.
Limits
Custom roles are exclusively supported by the Professional Edition.
OpenAPI capabilities related to roles currently support only system preset roles. Support for custom roles is expected to expand in the future.
Feature Introduction
Official preset user roles include a default space role, with the option to delete the official role and rebind a new custom role.
Three organization roles are preset at the organization level: organization administrator, permission administrator, regular user.
Four space roles are preset at the space level: space administrator, space developer, space analyst, space viewer.
Customer custom roles: Enterprises can create multiple roles for users based on actual scenarios, including custom organization-level and space-level roles.
Feature permissions: Allows defining the scope of feature permissions for specific roles based on actual scenarios.
Resource permissions: Enables centralized resource authorization at both the organization and space levels.
Feature Entry
To access the Role Management page, navigate from the Quick BI home page as illustrated below.
Organization Roles
Create an organization role.
On the Role Management page, follow the steps shown in the illustration to create an organization role.
Configure feature permissions.
Configure the feature permissions of the role on the Role Management page as shown in the illustration.
Tenant Management: Workspace management, enterprise security (including centralized authorization, collaborative authorization configuration, data security), artificial intelligence for IT operations, skin configuration, report configuration, map configuration.
Enterprise Applications: Metric monitoring, subscription management, Downloads, resource plan management.
Open Integration: Organization access token (AK/SK), OpenAPI, DataService Studio, embed analysis, custom widget & menu, and custom template.
Note: By default, a newly created organization role has the feature permissions of the metric monitoring, subscription management, Downloads, OpenAPI, DataService Studio, and embed analysis modules. You can deselect or add other modules as needed.
Preset organization roles cannot have their feature permissions modified.
The Organization Administrator role has the highest permissions within the organization and can manage all functions. It supports workspace management, enterprise security (including centralized authorization, collaborative authorization configuration, data security), artificial intelligence for IT operations, skin configuration, report configuration, map configuration, metric monitoring, subscription management, Downloads, resource plan management, organization access token (AK/SK), OpenAPI, DataService Studio, embed analysis, custom widget & menu, and custom template modules.
The Permission Administrator role supports enterprise security, metric monitoring, subscription management, Downloads, OpenAPI, DataService Studio, and embed analysis modules.
The Regular User role supports metric monitoring, subscription management, Downloads, OpenAPI, DataService Studio, and embed analysis modules.
Add role users.
Add role users on the Role Management page as shown in the illustration.
After clicking Add User, the selected users will be listed under Role Users. You can filter by user type to quickly view all users of a specific type or continue to select users for addition from the list on the right.
Continue selecting users for addition from the list on the right.
Switch to User Group mode to select members across groups in batches.
You can expand the user group (①), select all members within the current user group (②), or choose specific members from the current user group (③).
After clicking Add User, the selected users will be listed under Role Users.
Delete role users.
In the Role Users list, hover over the desired user, click the icon located at the upper right corner of the user's entry, and select Confirm in the Remove organization role confirmation dialog to remove the user.
Batch delete users as illustrated.
Batch change role users.
Access the Role Batch Change interface from the role users list as shown in the illustration.
In the Role Batch Change interface, select the role you want to change and click Confirm.
Space Roles
Create a space role.
Create a space role on the Role Management page as shown in the illustration.
Configure feature permissions.
Configure the feature permissions of the role on the Role Management page as illustrated.
Note: By default, a newly created space role has display permissions for each module. You can select or deselect feature modules and add new (edit) permissions and usage permissions for datasets and data sources for each module.
Preset space roles cannot have their feature permissions modified.
The Space Administrator role has the highest permissions in the current space, including new (edit), use, and view permissions for all modules. In addition to these permissions, it supports managing other members' permissions and works within the space.
The Space Developer role has new (edit), use, and view permissions for all modules.
The Space Analyst role has new (edit) and view permissions for BI portal, dashboard, data dashboard, workbook, ad hoc analysis, and Downloads modules. It has view permissions for data reporting and data sources, and use and view permissions for datasets.
The Space Viewer role has view permissions for all modules.
Add role users.
The role users list on the Role Management page is initially empty for newly created roles and must be configured on the Space Members and Information page.
Navigate to the Space Members and Information page to add role users as guided below.
In the Add Workspace Members interface, select members and assign space roles.
You can select both users and user group members.
For more information, see the referenced document.
Once you click Confirm, the user will be successfully added to the designated workspace.
Now, on the Role Management page for the corresponding space role, the user appears in the Role Users list. You can quickly view all users of the corresponding type by clicking the user type filter.
Delete role users.
In the Workspace management section, under Space members and information - Member management, you can remove a user by clicking the icon next to the corresponding user's name.
For more information, see the referenced document.
Scenarios - Custom Data Dashboard Administrator Role
This section demonstrates how to use custom roles to assign role permissions to an employee, enabling them to effectively use BI functions within their functional scope.
Background Introduction
Consider an employee named Xiaoming from the marketing department's publicity group, who needs to use the data dashboard exclusively for external presentations.
Procedure
If you're a new customer, you can assign the appropriate role to Xiaoming by following these steps:
Create a new workspace, as depicted in the illustration, named "Publicity Department Demo Space".
Establish a space role for a data dashboard administrator.
Assign new (edit) and usage permissions for datasets and data sources to this custom role of data dashboard administrator.
Navigate to the workspace management page and add Xiaoming as the data dashboard administrator for the "Publicity Department Demo Space".
Xiaoming now has access solely to the data dashboard module and can use BI functions effectively within his designated scope.
If you are an existing customer:
Xiaoming currently holds an organization-level role as a regular user and a space-level role as a developer within the workspace. This allows Xiaoming to view all functional module directories and to create and edit functions across the space.
To assign the appropriate role to Xiaoming, follow these steps:
Create a space role for a data dashboard administrator.
Set up edit and usage permissions for datasets and data sources specific to the data dashboard administrator role.
On the Space Members and Information page, change Xiaoming's role from the initialized space developer to data dashboard administrator.
Xiaoming now has access solely to the data dashboard module and can use BI functions effectively within his designated scope.
Permission Priority Explanation
This section clarifies the logic of permission priority through two scenarios.
Permission Priority
Functionally, feature permissions take precedence over space resource usage permissions.
From a resource perspective, feature permissions are limited by space resource permissions.
Scenario 1:
Current User Permissions: Xiaoming, already a member of space A, holds an organization-level role of regular user and a space-level role of developer. He has visibility over all functional module directories within the workspace of space A and possesses the ability to create and edit various functional modules, including dashboards, workbooks, data dashboards, data sources, and datasets.
User Permission Change
The organization administrator creates a space role, "no dashboard permission", that excludes the new (edit) and view permissions for the dashboard module.
On the Space Members and Information page, change Xiaoming's role from the initialized space developer to the "no dashboard permission" role.
Xiaoming will no longer see the dashboard entry for space A and cannot operate the dashboard, rendering his original space resource usage permissions for the dashboard invalid.
Thus, feature permissions outweigh space resource usage permissions.
Scenario 2:
User Existing Permissions
Xiaoming is in space A with an organization-level role as a regular user and a space-level role as a space analyst.
He can view all directories in space A but cannot operate data sources and datasets, only managing reports he created.
Additionally, Xiaoming has edit permissions for three reports created by Xiaozhang in space A.
User Permission Change
On the Space Members and Information page, change Xiaoming's role from the initialized space analyst to dashboard administrator.
The dashboard administrator role includes the following feature permissions.
Xiaoming can now view dashboards in space A and manage both his reports and those authorized by Xiaozhang.
Therefore, feature permissions are also subject to space resource permissions.
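The two scenarios reduce to one rule: an action is allowed only when the role's feature permission and the user's resource permission both include it. The sketch below is an added example, not Quick BI code or its API. It assumes a simplified model in which a resource permission comes from ownership or an explicit grant, and it treats the reports in Scenario 2 as dashboard-module resources; all class, function, and resource names are hypothetical.

```python
# Added illustration of the priority rule; a simplified model, not Quick BI code.
from dataclasses import dataclass, field

ALL = frozenset({"view", "edit"})

@dataclass
class SpaceRole:
    name: str
    features: dict  # module -> actions the role's feature permissions allow

@dataclass
class Resource:
    name: str
    module: str
    owner: str
    grants: dict = field(default_factory=dict)  # user -> actions shared with them

def resource_actions(user, res):
    """Resource permission: the owner has every action, others only explicit grants."""
    return set(ALL) if res.owner == user else set(res.grants.get(user, ()))

def effective_actions(user, role, res):
    """Allowed actions = feature permissions for the module AND resource permissions."""
    return set(role.features.get(res.module, ())) & resource_actions(user, res)

# Constructed sample data mirroring the two scenarios (names are hypothetical).
MODULES = ("dashboard", "workbook", "data_dashboard", "data_source", "dataset")
developer = SpaceRole("space developer", {m: ALL for m in MODULES})
no_dashboard = SpaceRole("no dashboard permission",
                         {m: ALL for m in MODULES if m != "dashboard"})
dashboard_admin = SpaceRole("dashboard administrator", {"dashboard": ALL})

own = Resource("xiaoming_report", "dashboard", owner="xiaoming")
shared = Resource("xiaozhang_report_1", "dashboard", owner="xiaozhang",
                  grants={"xiaoming": {"edit"}})
unshared = Resource("xiaozhang_report_4", "dashboard", owner="xiaozhang")

def scenario_1():
    """Same user and resource, before and after the role change."""
    return (effective_actions("xiaoming", developer, own),
            effective_actions("xiaoming", no_dashboard, own))

def scenario_2():
    """Dashboard administrator: own, shared and unshared reports."""
    return [effective_actions("xiaoming", dashboard_admin, r)
            for r in (own, shared, unshared)]

if __name__ == "__main__":
    print(scenario_1())
    print(scenario_2())
```

When reviewing a custom role, check both sides of the intersection: removing a module from the role revokes access even to resources the user owns, while adding a module grants nothing on resources that were never shared.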