Quick BI:Add a RAM Role as an Organization User

Background Information

Quick BI defines the following user types and roles at the organization level:

• User Types

  At the organization level, there are three user types:

  • developer: Includes corporate IT staff, data analysts, and data operations personnel.

  • analyst: A business user who analyzes data without needing deep technical skills.

    Analysts analyze data by creating assets such as dashboards and spreadsheets.

  • viewer: A user who only views reports, such as an executive or a frontline business employee. Viewers can access dashboards, spreadsheets, and BI portals through URLs or subscriptions.

• User Roles

  • Organization roles

    At the organization level, Quick BI provides three pre-defined organization roles and supports the creation of custom organization roles.

    • organization administrator: Manages organization information, status, and members. They can also assign this role to other users.

      We recommend assigning this role to 1 to 3 individuals, typically a project manager (PM) or BI platform administrators.

    • permission administrator: Manages permissions for resources within the organization. We recommend assigning this role to 1 to 3 individuals, typically BI platform administrators.

    • standard user: A user who is not an organization administrator or permission administrator.

    • custom organization role: Create custom roles based on your business needs. For more information, see Role Management.

  • Workspace roles

    At the workspace level, Quick BI provides four pre-defined workspace roles and supports the creation of custom workspace roles.

    • workspace administrator: Has create (edit), use, and view permissions for all modules. This is the most privileged role in a workspace. Workspace administrators can also manage permissions and assets for other members in the workspace.

    • workspace developer: Has create (edit), use, and view permissions for all modules.

    • workspace analyst: Has create (edit) and view permissions for BI portals, dashboards, large-screen dashboards, spreadsheets, ad hoc analysis, self-service data retrieval, and data preparation modules. This role also has view permissions for data entry and data sources, and use and view permissions for datasets.

    • workspace viewer: Has view permissions for all modules.

    • custom workspace role: Create custom roles based on your business needs. For more information, see Role Management.

Usage Limits

• Only an organization administrator can add an Alibaba Cloud RAM role as an organization user.

• This feature is available only in Quick BI Advanced and Professional.

Notes

When adding users in bulk, you must upload a file to Quick BI. Note the following:

• We recommend that you use Google Chrome to upload the file.

• We recommend that you download the template for batch adding users and complete it with the required user information.

  To prevent upload failures, make sure the file does not contain any of the following issues:

  • A specified user account already exists in the organization.

  • A specified nickname already exists. Nicknames must be unique within an organization.

  • The specified user roles do not exist in the system. You can specify up to three roles, separated by commas (,).

  • A specified user group path does not exist.

  • The file contains more than 5,000 entries.

  • Do not reorder or delete any columns except for tag columns.

  • The number of users to be added exceeds the license limit.

    For more information about the license limits for different Quick BI editions, see Quick BI pricing.

Add a Single RAM Role

1. Log on to the Quick BI console.

2. On the Quick BI homepage, navigate to the User management page.

   

3. On the Members tab, in the upper-right corner, click Add User > Add Manually.

   

4. In the Add User dialog box, set Account Type to Alibaba Cloud RAM role and configure the following parameters.

   

   Parameter	Required	Description
   Role ID	Yes	Enter the ID of an existing Alibaba Cloud RAM role. For more information, see Obtain account information.
   Nickname	Yes	The display name of the RAM role in Quick BI. You can specify a custom nickname. The nickname can be up to 50 characters in length and can contain letters, digits, Chinese characters, underscores (_), forward slashes (/), backslashes (\), vertical bars (|), parentheses (()), and square brackets ([]).
   User type	Yes	Supported user types: developer, analyst, and viewer. developer: Suitable for corporate IT staff, data analysts, and data operations personnel. analyst: Suitable for business personnel who need to perform analysis but have limited technical skills. Analysts analyze data by creating dashboards, spreadsheets, and other reports. viewer: Suitable for users who only view reports, such as executives, managers, or frontline business personnel. Viewers can access dashboards, spreadsheets, and sites through URLs or subscriptions.
   Organization role	Yes	Quick BI provides three preset organization roles. You can also create custom ones. organization administrator: Manages project information, status, and members, and can assign this role to other organization users. We recommend assigning this role to one to three individuals, typically project managers or personnel in charge of the BI platform. permissions administrator: Manages permissions on organization resources from the backend. We recommend assigning this role to one to three individuals, typically personnel in charge of the BI platform. general user: A user who is not an organization administrator or a permissions administrator. custom organization role: You can create custom organization roles based on your business needs. For more information, see Organization roles.
   Workspace Role	No	Quick BI provides four preset workspace roles. You can also create custom ones. workspace administrator: Has the highest level of permissions within a workspace, including create (edit), use, and view permissions for all modules. Can manage the permissions and assets of other members. workspace developer: Has create (edit), use, and view permissions for all modules. workspace analyst: Has create (edit) and view permissions for the data portal, dashboard, data screen, spreadsheet, ad-hoc analysis, self-service data retrieval, and data preparation modules. Has view permissions for data entry and data sources. Has use and view permissions for datasets. workspace viewer: Has view permissions for all modules. custom workspace role: You can create custom workspace roles based on your business needs. For more information, see Workspace roles.
   Available agent	No	If your organization has purchased intelligent agent capabilities (Q-Series), you can assign agent seats to the user. Click Select Agent. The dropdown list shows all available agents and their remaining quotas. Select the agents to assign to the user and click OK. Note If User Type is set to viewer, the user cannot use the Q-Setup agent. The assigned organization role must have the required agent permissions. Otherwise, the user cannot use the agents even with an assigned seat. For more information about how to configure organization role permissions, see Organization roles. For more information about how to purchase agent capabilities, see Quick BI pricing.
   User group	No	The user group to which the RAM role belongs.

5. Click OK.

Add RAM Roles in Bulk

1. Follow the instructions in the figure to add users in bulk.

   

2. In the Batch Add Users dialog box, select Alibaba Cloud RAM role and click Get Template for Batch Adding Users to download the template.

   

3. Enter the user information into the template and save the file.

   The following table describes the key fields in the file.

   Parameter	Required	Description
   Role ID	Yes	The role ID of the RAM role.
   Nickname	Yes	The display name of the RAM role in Quick BI. You can specify a custom nickname. The nickname can be up to 50 characters in length and can contain letters, digits, Chinese characters, underscores (_), forward slashes (/), backslashes (\), vertical bars (|), parentheses (()), and square brackets ([]).
   User type	Yes	Supported user types: developer, analyst, and viewer. developer: Suitable for corporate IT staff, data analysts, and data operations personnel. analyst: Suitable for business personnel who need to perform analysis but have limited technical skills. Analysts analyze data by creating dashboards, spreadsheets, and other reports. viewer: Suitable for users who only view reports, such as executives, managers, or frontline business personnel.
   Available agent	No	The agent capabilities available to the user. Valid values: Q-Question, Q-Setup, and Q-Report. Separate multiple agents with commas (,). For example, to assign seats for Q-Question and Q-Report to a member, enter: Q-Question,Q-Report. Note If User Type is set to viewer, the user cannot use the Q-Setup agent. The assigned organization role must have the required agent permissions. Otherwise, the user cannot use the agent capabilities even if an agent seat is assigned. For more information about how to configure organization role permissions, see Organization roles. The entire upload task fails in the following cases: You add an agent that has not been purchased. The number of remaining seats is less than the number of seats required for the new users.
   User Role	Yes	Quick BI provides three preset organization roles. You can also create custom ones. organization administrator: Manages project information, status, and members, and can assign this role to other organization users. We recommend assigning this role to one to three individuals, typically project managers or personnel in charge of the BI platform. permissions administrator: Manages permissions on organization resources from the backend. We recommend assigning this role to one to three individuals, typically personnel in charge of the BI platform. general user: A user who is not an organization administrator or a permissions administrator. custom organization role: You can create custom organization roles based on your business needs. For more information, see Role Management.
   Email	No	The email address of the RAM role account.
   Phone number	No	The phone number of the RAM role account.
   User group	No	The user group to which the RAM role belongs.
   tag_example	No	You can add custom user tags. The column name for a custom tag must start with tag_, such as tag_example. Valid values: $ALL_MEMBERS$: Grants permissions on all data. A specific value, such as north: Grants permissions on data in the north region. Note If a tag corresponds to multiple permissions, separate the values with a comma (,), for example, north,east.

4. Click Select Excel File to upload the file from your local machine.

5. Click OK.

Log on as a RAM Role

A RAM role is a virtual user and cannot log on to Quick BI directly. A trusted entity, such as a RAM user, must first assume the role to gain access.

1. Log on to the Alibaba Cloud Management Console as a RAM user.

   

2. In the upper-right corner of the console, click Switch Role.

3. On the role switching page, enter the ID of the root account (or the enterprise alias or default domain name) and the role name, and then click Submit.

4. The user information in the upper-right corner now displays the assumed RAM role.

   Note

   You must grant the AliyunSTSAssumeRoleAccess permission to the RAM user. Otherwise, the role switch fails.

   

5. Go to the Quick BI console. The user information in the upper-right corner confirms that you are logged on as the RAM role.

   

   Note

   The RAM role must be an organization user to access Quick BI.