All Products
Search
Document Center

Quick BI:Mode 2: Otorisasi Berbasis Tag

Last Updated:Feb 06, 2026

Jika organisasi Anda memiliki banyak anggota, Anda dapat menggunakan otorisasi berbasis tag untuk memberikan izin kepada semua pengguna sekaligus. Pendekatan ini menghindari pemberian izin secara individual atau per kelompok pengguna, sehingga mengurangi biaya dan kompleksitas serta menyederhanakan manajemen di masa depan. Topik ini menjelaskan cara melakukan otorisasi berbasis tag.

Skenario

Otorisasi manajemen tag pengguna cocok untuk organisasi dengan banyak pengguna yang memiliki kebutuhan izin beragam. Otorisasi ini menggunakan kebijakan kontrol akses tingkat pengguna untuk memberikan manajemen izin yang dipersonalisasi bagi setiap pengguna. Misalnya, pengguna yang bertanggung jawab atas wilayah berbeda hanya dapat melihat data dari wilayah masing-masing.

Prasyarat

Anda telah membuat sebuah dataset. Untuk informasi selengkapnya, lihat Create a dataset.

Catatan

Topik ini hanya berlaku bagi pengguna yang membeli atau memulai uji coba gratis Quick BI pada atau setelah 3 Juni 2021. Jika Anda tidak memenuhi persyaratan ini, lakukan upgrade dari versi izin tingkat baris sebelumnya ke versi terbaru sebelum menjalankan operasi yang dijelaskan dalam topik ini. Untuk informasi selengkapnya, lihat Upgrade row-level permissions.

Batasan

  • Hanya Edisi Premium dan Edisi Profesional yang mendukung pengaturan izin tingkat baris.

  • Hanya pemilik dataset dan administrator ruang kerja yang dapat mengatur izin tingkat baris.

    Catatan

    Developer ruang kerja hanya dapat mengatur izin tingkat baris untuk dataset yang mereka buat. Administrator ruang kerja dapat mengatur izin tingkat baris untuk semua dataset.

Prosedur

Masuk ke Quick BI console. Anda dapat mengatur izin tingkat baris untuk suatu dataset di workbench atau halaman edit dataset.

Entri fitur

Entri 1

Atur izin tingkat baris untuk dataset di workbench.

  1. Ikuti langkah-langkah pada gambar untuk menuju halaman pengaturan Row-level Permissions.

    image

  2. Aktifkan Enable Row-level Permissions.

    image

  3. Pada halaman konfigurasi Row-level Permissions, pilih User Tag Management Authorization dan set association conditions.

    image

  4. Klik Save.

Entri 2

Atur izin tingkat baris untuk dataset di halaman edit dataset.

  1. Pada bilah alat atas, klik Advanced Configuration lalu pilih Permission ControlRow-level Permissions.image

  2. Aktifkan Enable Row-level Permissions.

  3. Pada halaman konfigurasi Row-level Permissions, pilih User Tag Management Authorization dan set association conditions.

  4. Klik Save.

Entri 3

Atur izin tingkat baris saat Anda create a dataset.

  1. Pada halaman pratinjau dataset, klik ikon image untuk menuju halaman konfigurasi Row-level Permissions.

    image

  2. Aktifkan Enable Row-level Permissions.

  3. Pada halaman konfigurasi Row-level Permissions, pilih User Tag Management Authorization dan atur kondisi asosiasi.

  4. Klik Save.

Set association conditions

image

  1. Klik Add Controlled Field.

  2. Pilih Controlled Field dan User Tag Table Field.

  3. Saat menambahkan beberapa kondisi asosiasi, Anda dapat memilih logika AND atau OR. Jika memilih AND, semua aturan harus terpenuhi agar izin berlaku. Jika memilih OR, izin berlaku jika salah satu aturan terpenuhi.

  4. Jika tabel tag berisi beberapa baris tag untuk pengguna yang sama, pilih Merge into a single row for calculation atau Calculate each row separately.

    1. Merge into a single row for calculation: Union dari beberapa baris diambil untuk setiap tag. Tag tersebut kemudian digabung menjadi satu kolom untuk verifikasi izin.

      Contohnya, tabel tag pengguna adalah sebagai berikut:

      User

      Area

      Province

      City

      user1

      Northeast

      ALL_VALUES

      ALL_VALUES

      user1

      Southeast

      Zhejiang

      Hangzhou

      Logika perhitungan satu baris adalah:

      where Area in {'Northeast', 'Southeast'} 
      and 'BI' = 'BI' 
      and 'BI' = 'BI'

      Efek izinnya sama dengan berikut ini:

      User

      Area

      Province

      City

      user1

      Northeast,Southeast

      ALL_VALUES

      ALL_VALUES

    2. Calculate each row separately: Setiap baris nilai tag merepresentasikan satu set izin. Logika OR digunakan antar beberapa baris. Anda hanya dapat menggunakan mode Calculate each row separately ketika semua User Tag Table Fields berasal dari tabel tag pengguna yang sama. Contohnya:

      • Jika hubungan antar kondisi adalah AND, dan tabel tag pengguna adalah sebagai berikut:

        User

        Area

        Province

        City

        user1

        Northeast

        $ALL_VALUES$

        $ALL_VALUES$

        user1

        North China,Southwest

        $ALL_MEMBERS$

        $ALL_MEMBERS$

        user1

        Southeast

        Zhejiang

        Hangzhou

        Logika perhitungan tiap baris secara terpisah adalah:

        where (Area = 'Northeast' and 'BI' = 'BI' and 'BI' = 'BI')
        or (Area in {'North China', 'Southwest'})
        or (Area = 'Southeast' and Province = 'Zhejiang' and City = 'Hangzhou')
      • Jika hubungan antar kondisi adalah OR, dan tabel tag pengguna adalah sebagai berikut:

        User

        Area

        Product Type

        user1

        Northeast

        $ALL_VALUES$

        user1

        North China,Southwest

        $ALL_MEMBERS$

        user1

        Southeast

        Furniture

        Logika perhitungan tiap baris secara terpisah adalah:

        where (Area = 'Northeast' or 'BI' = 'BI')
        or (Area in {'North China', 'Southwest'})
        or (Area = 'Southeast' or Product_Type = 'Furniture')

        Efek izinnya sama dengan berikut ini:

        User

        Area

        Product Type

        user1

        Northeast,North China,Southwest,Southeast

        $ALL_VALUES$

  5. Klik Save.

Set a whitelist

Jika Anda tidak ingin aturan ini berlaku untuk pengguna tertentu, tambahkan pengguna tersebut ke daftar putih.image

Copy row-level permissions

Anda dapat menyalin izin tingkat baris dari dataset lain. Untuk informasi selengkapnya, lihat Copy row-level permissions.

Skenario

Tabel tag dapat berasal dari tabel tag yang dikelola pengguna (user tag table) atau tag yang dikonfigurasi langsung di Quick BI (manually managed tag table). Bagian berikut menjelaskan kedua skenario tersebut.

Scenario

Implementation steps

Scenario 1: Perform access control by attaching a user tag table

  1. Design a user tag table

    After you attach a user tag table stored in a data source, Quick BI reads the latest member tag information in real time. No manual maintenance is required.

  2. Attach a user tag table

    After you attach the table, use the Alibaba Cloud account ID, Alibaba Cloud account name, or nickname in the Quick BI organization as the primary key to associate with members in the Quick BI organization.

  3. Add a user tag

    Add a user tag to associate with a field in the user tag table. After the association, the tag value in the user tag table is passed to the Quick BI user tag.

  4. Use tag-based authorization

    After authorization, the tag values in the user tag table apply to all datasets. Authorized users can view only the data within their permission scope.

Scenario 2: Perform access control by manually managing a tag table

  1. Add a user tag

    The added user tags are used to control the scope of data that can be viewed after the tags are attached when you set row-level permissions.

  2. Manually manage user tag values

    In the manually managed tag table, select one or more users and assign values to the added user tags.

  3. Use tag-based authorization

    After authorization, the tag values in the manually managed tag table apply to all datasets. Authorized users can view only the data within their permission scope.

Scenario 1: Perform access control by attaching a user tag table

  1. Customize a user tag table.

    After you attach a user tag table stored in a data source, Quick BI reads the latest member tag information in real time. No manual maintenance is required.

    When you customize a tag table, make sure that the user tag table meets the following requirements:

    • It contains at least one of the following fields: Alibaba Cloud account ID (account_id), Alibaba Cloud account name (account_name), or nickname in the Quick BI organization (nick_name).

      Catatan

      If you use an Alibaba Cloud account ID or Alibaba Cloud account name, make sure the user already exists in the Quick BI organization.

    • It contains at least one tag field, such as area.

    • If there are multiple tags, you can separate them with a comma (,) or present them in multiple rows.

    • $ALL_MEMBERS$ indicates that all permissions are granted.

  2. Attach the user tag table.

    After you attach the table, use the Alibaba Cloud account ID (account_id), Alibaba Cloud account name (account_name), or nickname (nick_name) field in the user tag table as the primary key to associate with members in the Quick BI organization.

    1. Log on to the Quick BI console.

    2. On the Quick BI home page, follow the steps in the figure to go to the tag table attachment page.

      image.png

    3. Customize a name for the user tag table to attach.

      In this example, the name of the user tag table is Demo Tag Table.自定义标签表

    4. Follow the steps in the figure to configure the user tag table to attach.

      配置标签表

      The preview of the user tag table is shown in the following figure.预览标签表

  3. Add a user tag.

    Add a user tag to associate with a field in the user tag table, such as area, province, city, or order_number. After the association, the tag value in the user tag table is passed to the Quick BI user tag.

    1. Click the User Tag Management tab, and click Add User Tag.

    2. Enter a Tag Name and an Associated Tag Table Field, and then save the configuration.配置

      Set the associated tag table to Demo Tag Table. Customize the tag names as dy_area, dy_province, dy_city, and dy_order_number, and attach them to the area, province, city, and order_number fields in the Demo Tag Table.自定义标签表

  4. Use tag-based authorization.

    After authorization, the tag values in the user tag table apply to all datasets. Authorized users can view only the data within their permission scope.

    1. On the Quick BI home page, follow the steps in the figure to go to the row-level permissions settings page.

      image

    2. Turn on the Enable Row-level Permissions switch, and set Authorization Method to User Tag Association Authorization.

      image

    3. In the Set association conditions area, click Add Controlled Field.

    4. Select a Controlled Field and attach a User Tag Table Field.

      The selected controlled fields and user tag table fields are shown in the following figure.image

    5. Click Save.

    6. Whitelisted users

      If you do not want these rules to apply to certain users, add those users to the whitelist.image

  5. View the authorization result in a dashboard.

    1. On the dashboard edit page, create a chart and view the authorization result.

      For example, create a cross table. You can see the data for Hangzhou where the order quantity is 50.image.png

    2. View the data retrieval logic of the SQL statement.

      取数结果

Scenario 2: Perform access control by manually managing a tag table

  1. Log on to the Quick BI console.

  2. Set user tags.

    The added user tags are used to control the scope of data that can be viewed after the tags are attached when you set row-level permissions.

    1. Follow the steps in the following figure to add a user tag.

      image.png

    2. Enter a Tag Name and an Associated Tag Table Field, and then save the configuration.

      image.png

      Customize the tag names as area, province, city, and order_number, and set Associated Tag Table Field to Manual Entry for all of them.

      image.png

  3. Manually manage the user tag table.

    In the manually managed tag table, select one or more users and assign values to the added user tags.

    1. On the Tag Management page, click Manual Management in the navigation pane on the left.

    2. Search for the target user and assign tag values.

      The tag assignment in this example is shown in the following figure.

      image.png

  4. Use tag-based authorization.

    After authorization, the tag values in the user tag table apply to all datasets. Authorized users can view only the data within their permission scope.

    1. On the Quick BI home page, follow the steps in the figure to go to the row-level permissions settings page.

      image

    2. Turn on the Enable Row-level Permissions switch, and set Authorization Method to User Tag Association Authorization.

      image

    3. In the Set association conditions area, click Add Controlled Field.

    4. Select a Controlled Field and attach a User Tag Table Field.

      The selected controlled fields and user tag table fields are shown in the following figure.image

    5. Click Save.

    6. Whitelisted users.

      If you do not want these rules to apply to certain users, add those users to the whitelist.image

  5. View the authorization result in a dashboard.

    1. On the dashboard edit page, create a chart and view the authorization result.

      For example, create a cross table. You can see the data for Hangzhou where the order quantity is 50.image.png

    2. View the data retrieval logic of the SQL statement.

      取数结果

What to do next

After you set up the dataset, you can perform data analytics. For more information, see Create a Dashboard and Create a Chart.