Quick BI:Add Alibaba Cloud RAM Roles to an Organization

Background information

Quick BI categorizes organization users into the following types and roles:

• User types

  Organization users are classified into three categories:

  • Developers: These include enterprise IT staff, data analysts, and data operations personnel.

  • Analysts: Business personnel who conduct business analysis with minimal technical requirements.

    Analysts create and utilize dashboards, workbooks, and other analytical tools.

  • Visitors: Individuals such as executives or managers who only view reports, or frontline business staff who solely access data results. Visitors can access dashboards, workbooks, and sites via URLs or subscriptions.

• User roles

  • Organization roles

    There are three predefined roles at the organization level, with the option to add custom roles:

    • Organization Administrator: Manages project information, status, and members. They can also designate other users as organization administrators.

      Typically, one to three individuals fill this role, often the project PM or those responsible for the BI platform.

    • Permission Administrator: Oversees permissions for project resources. One to three individuals usually assume this role, commonly those in charge of the BI platform. They are tasked with centralized permission management and allocation in the backend.

    • Regular User: Users who are not organization or permission administrators.

    • Custom Organization Roles: Tailored to specific business needs, these roles can be created as necessary. For more information, see Role Management.

  • Workspace roles

    At the workspace level, there are four predefined roles, with the possibility of adding custom roles:

    • Workspace Administrator: Possesses the authority to create, edit, use, and view all modules, holding the highest level of permissions within the workspace. They also manage other members' permissions and works.

    • Workspace Developer: Granted permissions to create, edit, use, and view all modules.

    • Workspace Analyst: Authorized to create, edit, and view modules such as BI portals, dashboards, data dashboards, workbooks, ad hoc analysis, downloads, and data preparation. They also have viewing permissions for data reporting and data sources, along with the ability to use and view datasets.

    • Workspace Viewer: Has viewing permissions for all modules.

    • Custom Workspace Roles: Custom roles can be established based on business needs. For more information, see Role Management.

Limits

• Only organization administrators can add Alibaba Cloud RAM roles as organization users.

• This feature is available only in the Premium Edition and Professional Edition.

Notes

When you add users in batches, you need to upload an attachment to Quick BI:

• We recommend that you use the Chrome browser to upload files.

• We recommend that you Obtain The Template For Adding Users In Batches and fill in user information in the attachment according to the template requirements.

  To avoid upload failures, check the attachment to ensure that the content does not have the following issues:

  • Any account user already exists and cannot be added again.

  • Any account nickname already exists. Duplicate nicknames are not allowed in an organization.

  • User roles must exist in the system, separated by commas, and cannot exceed 3 roles.

  • Any user group path does not exist.

  • The maximum number of records is 5,000.

  • Changes to or deletion of columns other than tag columns.

  • The number of users to be added exceeds the license limit.

    For information about the license limits of different Quick BI editions, see Billing methods.

Add a single Alibaba Cloud RAM role

1. Log on to the Quick BI console.

2. On the Quick BI homepage, follow the instructions in the following figure to go to the User Management page.

   

3. In the upper-right corner of the Member Management tab, choose Add User > Add Manually.

   

4. In the Add User dialog box, select Account Type as Alibaba Cloud RAM Role, and configure the following information.

   

   Parameter	Required	Description
   Role ID	Yes	Enter a real existing Alibaba Cloud RAM role ID. For more information, see Obtain account information.
   Nickname	Yes	The nickname of the Alibaba Cloud RAM role account in Quick BI. You can customize the nickname. The nickname can contain only letters, digits, underscores (_), forward slashes (/), backslashes (\), vertical bars (|), parentheses (()), and brackets ([]), and can be up to 50 characters in length.
   User Type	Yes	Three types are supported: Developer, Analyst, and Visitor. Developer: enterprise IT personnel, data analysts, and data operations personnel. Analyst: business personnel who need to perform business analysis but have low technical requirements. Analysts analyze data by creating dashboards and workbooks. Visitor: users who only need to view reports (such as managers and leaders) or front-line business personnel who only need to view data results. Visitors can view the content of dashboards, workbooks, and sites through URLs or subscriptions.
   Organization Role	Yes	At the organization level, three preset organization roles are available, and you can add custom organization roles. Organization administrator: manages project information, status, and members. An organization administrator can set an organization user as an organization administrator. We recommend that one to three users assume this role. In most cases, project managers or personnel responsible for the Quick BI platform assume this role. Permission administrator: manages permissions for project resources. We recommend that one to three users assume the permission administrator role. In most cases, the personnel that are responsible for the Quick BI platform assume this role. Permission administrators grant user accounts the permission administrator role, and are mainly responsible for centrally allocating and managing permissions in the background. Regular user: users who are not set as organization administrators or permission administrators. Custom organization role: You can customize organization roles based on business needs. For more information, see Organization role.
   Workspace Role	No	At the workspace level, four preset workspace roles are available, and you can add custom workspace roles. Workspace administrator has the permissions to create (edit), use, and view all modules. A workspace administrator has the highest permissions in the current workspace. In addition to the preceding permissions, a workspace administrator can manage the permissions and works of other members in the workspace. Workspace developer has the permissions to create (edit), use, and view all modules. Workspace analyst has the permissions to create (edit) and view the Data Portal, Dashboard, Data Dashboard, Workbook, Ad Hoc Analysis, Downloads, and Data Preparation modules. A workspace analyst also has the permissions to view the Data Entry and Data Source modules, and the permissions to use and view datasets. Workspace viewer has the permissions to view all modules. Custom workspace role: You can customize workspace roles based on business needs. For more information, see Workspace role.
   User Group	No	The user group to which the Alibaba Cloud role account to be added belongs.

5. Click OK to complete adding the organization user.

Add Alibaba Cloud RAM roles in batches

1. Follow the instructions in the following figure to add users in batches.

   

2. In the Add Users In Batches dialog box, select Alibaba Cloud RAM Role, and click Get The Template For Adding Users In Batches to download the template for user information.

   

3. Fill in and save the information of the users to be added in the template.

   The key fields in the attachment are described as follows.

   Field name	Required	Description
   The account ID	Yes	The ID of the Alibaba Cloud RAM role account.
   Nickname	Yes	The nickname of the Alibaba Cloud RAM role account in Quick BI. You can customize the nickname. The nickname can contain only letters, digits, underscores (_), forward slashes (/), backslashes (\), vertical bars (|), parentheses (()), and brackets ([]), and can be up to 50 characters in length.
   User type	Yes	Three types are supported: Developer, Analyst, and Visitor. The values are as follows: Developer: can be added as workspace members and granted data development and management permissions. Analyst: business personnel who need to perform business analysis but have low technical requirements. Analysts analyze data by creating dashboards and workbooks. Visitor: cannot be added as workspace members and can only view authorized reports.
   User role	Yes	At the organization level, three preset organization roles are available, and you can add custom organization roles. Organization administrator: manages project information, status, and members. An organization administrator can set an organization user as an organization administrator. We recommend that one to three users assume this role. In most cases, project managers or personnel responsible for the Quick BI platform assume this role. Permission administrator: manages permissions for project resources. We recommend that one to three users assume the permission administrator role. In most cases, the personnel that are responsible for the Quick BI platform assume this role. Permission administrators grant user accounts the permission administrator role, and are mainly responsible for centrally allocating and managing permissions in the background. Regular user: users who are not set as organization administrators or permission administrators. Custom organization role: You can customize organization roles based on business needs. For more information, see Role management.
   Email	No	The email address bound when registering the Alibaba Cloud role account.
   Phone number	No	The phone number bound when registering the Alibaba Cloud role account.
   User group	No	The user group to which the current Alibaba Cloud role account belongs.
   tag_example	No	User tag fields can be customized and extended. The extended column name starts with tag_, such as tag_example. Value description: $ALL_MEMBERS$: indicates that the user has access permissions to all data. Fill in a specific value, such as north: indicates that the user has access permissions to data in the north region. Note If a tag item corresponds to multiple permissions, separate them with commas (,), such as north,east.

4. Click Select Excel File to upload the user information to be added from your local computer.

   • We recommend that you use the Chrome browser to upload files.

   • We recommend that you Obtain The Template For Adding Users In Batches and fill in user information in the attachment according to the template requirements.

5. Click OK to complete adding organization users in batches.

Alibaba Cloud RAM role logon

Alibaba Cloud RAM roles cannot directly log on to Quick BI. As a virtual user, a RAM role needs to be assumed by a trusted entity (such as an Alibaba Cloud RAM user) before logging on. You can follow these steps to log on and access Quick BI.

1. Use an Alibaba Cloud RAM user to log on to the Alibaba Cloud Management Console.

   

2. In the Alibaba Cloud RAM user console, click Switch Role in the upper-right corner.

3. On the role switching page, enter the primary account ID (or enterprise alias/default domain name) and role name, and click the Submit button to complete the role switching.

4. Now, you can see that the user information in the upper-right corner has been switched to the RAM role.

   Note

   You need to grant the AliyunSTSAssumeRoleAccess permission to the Alibaba Cloud RAM user. Otherwise, an error will occur when switching roles.

   

5. Access the Quick BI console. You can see that the logged-in user information in the upper-right corner of the page is the RAM role.

   

   Note

   The RAM role must be added to a Quick BI organization before it can access Quick BI.