All Products
Search

This Product

    Quick BI:Column-level Permissions

    Document Center

    Quick BI:Column-level Permissions

    Last Updated:Jan 20, 2025

    Quick BI supports the configuration of column-level permissions within an organization, enabling control over access to specific fields. Users can apply data masking to sensitive fields, such as phone numbers and ID cards, by establishing organization-level column-level permissions. This topic describes the procedure for setting column-level permissions and explains the rules governing their application.

    Scenarios

    In the realm of enterprise data security management, to prevent the disclosure of sensitive information, you can implement Data Masking or Do Not View restrictions within column-level permissions at the organization level. This approach conceals sensitive fields, including phone numbers and ID cards. Once the permission rules are established, users can only access field values that fall within the defined parameters, thus safeguarding data security.

    Limits

    • Only organization administrators and users with custom roles that include the enterprise security feature can configure organization-level column-level permissions.

    • This applies exclusively to the updated version of row and column permissions. If you are using the previous version, please upgrade to the new version.

    • A maximum of 10 column-level permission rules can be created.

    Procedure

    1. Log on to the or the international Quick BI console.

    2. Navigate to the column-level permissions settings page as shown in the steps.

      image

    3. On the column-level permissions settings page, you can click Add Rule to configure the following settings.

      image

      Configuration item

      Description

      ① Rule Name

      You can customize the rule name, and duplicate names are not supported.

      ② Field Name

      If the dataset field name is hit, the field will be masked. If multiple field names are entered, separate them with commas. Duplicate field names are not supported.

      ③ Set Rule

      • Do Not View

        Fields set to Do Not View are displayed as "- -" in cross tables and are not displayed in other visualization charts.

      • Data Masking

        Set fields that need masking in the dataset. The system will blur sensitive data in the field, displaying it in a masked form in dashboards, workbooks, or downloads to protect data security.

      ④ Who is it effective for

      Supports setting Effective for Everyone, Valid for Selected Users Only, and Invalid for Selected Users Only.

      Data can only be viewed when the user has both dataset permissions and organization-level permissions.

      For specific rules, see Effect Display and Rule Description.

    4. Click Complete.

    Effect display and rule description

    Do Not View

    • Set Rule

      For instance, configure a rule to prevent viewing of customer names.

      image

    • Effect Display

      After the setting is complete, the user will see the field displayed as "- -" in the cross table and the field will be hidden in chart visualizations such as bar charts.

      image

    Data Masking

    • Set Rule

      For example, set up a rule to mask phone numbers, making it effective for all users.

      image

      You can customize masking rules as well. For detailed configurations, refer to Data Masking.

      image

    • Effect Display

      After the setting is complete, all users will only be able to view the masked phone numbers.

      image

    Effect description

    Authorized object

    Parameter description

    Effective for Everyone

    When viewing the values of the specified fields:

    • The configured column-level permission rules will be effective for all users.

    Valid for Selected Users Only

    After specifying users or user groups, when viewing the values of the specified fields:

    • Specified users or user groups:

      The field values viewed will be restricted according to the configured permission rules. Fields set to Do Not View cannot be viewed, or only masked field values can be seen.

    • Users other than the specified users or outside of the specified user group:

      Not restricted by permission rules. Complete field values can be viewed.

    Invalid for Selected Users Only

    After specifying users or user groups, when viewing the values of the specified fields:

    • Specified users or user groups:

      Not restricted by permission rules. Complete field values can be viewed.

    • Users other than the specified users or outside of the specified user group:

      The field values viewed will be restricted according to the configured permission rules. Fields set to Do Not View cannot be viewed, or only masked field values can be seen.

    Special instructions

    • Data can only be viewed when the user possesses both dataset and organization-level permissions.

    • Organization-level column-level permissions take precedence over dataset permissions. When fields in a dataset are governed by global column-level permissions, the masking rules will be applied regardless of other settings. In the event of conflicting rules, the global rules will take priority.

    For an explanation of column-level permissions within a dataset, refer to Configure Column-level permissions.

    Manage column-level permissions

    1. Access the column-level permissions settings page.

      image

    2. On the management page, you can edit (①) or delete (②) existing permission rules. image