Follow these best practices to secure your Quick BI environment, including administrator account usage, workspace management, role-based access control, and permission validity.
Access the system using the organization administrator account
After you purchase Quick BI and activate your organization as an organization administrator, use a permission administrator account for daily development and O&M instead. Grant the permission administrator appropriate permissions to handle development and management tasks. Avoid using the organization administrator account for routine operations.
Create workspaces and specify administrators for the workspaces
Quick BI uses workspaces to manage data objects and users in an organization. Each workspace typically corresponds to a theme, a project, or a department. Workspace administrators can perform most tasks of the super administrator, including data object management and member management.
Grant minimum permissions to workspace members
Quick BI workspaces provide the following roles: administrator, developer, analyst, and viewer. Assign roles to workspace members based on the principle of least privilege.
-
For users who only need to view reports without developing them, assign the viewer role.
-
For users who need to analyze data and develop reports but not create or modify dataset models, assign the analyst role.
-
For users who need to create or modify dataset models and add data sources, assign the developer role. Because developers can access core data assets in the workspace, grant this role with caution.
-
Grant workspace administrator permissions only to core management personnel.
Take note of the validity period of permissions
Quick BI allows users to request permissions on reports they are not authorized to access. When you approve such requests, set an appropriate validity period. Regularly review and revoke expired permissions to maintain access control.