The permission management feature provides an important basis for system security. As a core product for enterprise data mid-end construction and digital transformation, Quick BI provides a comprehensive permission system to ensure data security. This topic describes the users and roles that are supported by Quick BI, the permission system, and the mappings between roles and permissions.
Roles and permissions
For data security reasons, all users that are added to Quick BI belong to the same organization. All subsequent operations in the Quick BI are carried out under the same organization.
At the organization level, three preset organization roles are available. You can add custom organization roles.
Organization Administrator: manages the information, status, and members of a project. Organization administrators can specify an organization user as an organization administrator.
We recommend that one to three users assume the organization administrator role. In most cases, project managers and personnel that are responsible for the Quick BI platform assume this role.
Permission Administrator: allows you to manage project resources. We recommend that one to three users assume the permission administrator role. In most cases, the personnel that are responsible for the Quick BI platform assume this role. The permission administrator grants the user account the permission administrator role, which is mainly responsible for uniformly assigning and managing permissions in the background.
common user: Users who have not been set up as organization administrators and permission administrators.
Custom Organization Role: You can customize an organization role based on your business requirements. For more information, see Organization roles.
The organization is divided into workspaces for fine-grained management. Organization administrators can create workspaces and specify workspace administrators.
A workspace administrator is mainly responsible for managing the permissions of workspace members and all resources in the workspace.
At the spatial level, there are four preset spatial roles. You can add custom spatial roles.
The workspace administrator has the permissions to create, edit, and view all modules. The workspace administrator is the role that has the most permissions in the current workspace. In addition to the preceding permissions, the workspace administrator can manage the permissions and works of other members in the workspace.
A workspace developer can connect to data sources, create datasets, analyze data, and view all resources in a workspace. Generally, enterprise IT personnel, data analysts, and data operations personnel are granted the development permissions and have the permissions to create, edit, and view all modules.
Spatial analysts can analyze data and view all data works in a workspace. Generally, they are granted analysis permissions to business personnel who need to perform business analysis and do not require high technical skills. They have the permissions to create (edit) and view BI portal, dashboards, data dashboards, workbooks, ad hoc analysis, and self-service retrieval modules, view data filling and data source, and use and view datasets.
Spatial viewers can view the content of data works by using URLs or subscription. Generally, users who need to view only data works, such as bosses and leaders, or front-line business personnel who are only used to view data results are granted access permissions and have the view permissions on all modules.
Custom Workspace Role: You can create custom workspace roles based on your business requirements. For more information, see Space roles.
