Skip to main content

Resource Permission

Overview

Resource Permission Management is the core capability in a BI system for controlling user access to and operations on various Resources. By setting Owners, Users, Visitors, and export permissions for Resources, you can implement fine-grained access control for Pages, Datasets, folders, and other Resources, thereby protecting enterprise data security. The system also supports advanced capabilities such as bulk authorization, permission inheritance, and user group management to simplify permission management workflows.

Types of Resource Permissions

The system provides multiple permission types to meet different business scenarios:

  • Owner: has full permissions for the Resource, including create, delete, view, edit, and bulk authorization.
  • User: has usage permissions for the Resource. For example, the user can create a Card or Smart ETL based on a Dataset, create a Page using a folder, or move other Resources into the folder.
  • Visitor: has viewing permission for the Resource.
  • Allow Export: has permission to export the Resource, provided that export global control is enabled and the user has the corresponding feature permission for export.

Explanation of Resource Permissions

For more details, please refer to:Resource Permission Details.

Pages

  • Includes Dashboards, big screens, mobile applications, desktop applications, and slides.
  • Can be assigned Owner, Visitor, and Allow Export permissions.

Datasets

Datasets can be assigned Owner, User, and Allow Export permissions.

Folders

  • Includes Dashboard folders, big screen folders, Dataset folders, and ETL folders.

  • Can be assigned Owner and User permissions.

  • Folder operations include:

      - `Management operations`, which apply to the folder itself, including permission management, directory management such as creating child folders in the current folder, renaming, moving, and deleting.
      - `Usage operations`, which involve using the folder, including creating new Resources such as Dashboards or Datasets in the current folder, moving other Resources into the folder, or saving other Resources to the folder with `Save As`.

Owners can perform all operations, including both management and usage operations. Users can perform only usage operations.

From the Resource perspective, parent folders and child folders are both independent folders. Therefore, there is no inheritance relationship in permission management. Permissions for parent folders and child folders are configured separately and do not affect each other.

  • A folder is visible if any of the following conditions is met:
    • The user is the Owner or Visitor of the folder.
    • The user does not have direct permission on the folder, but has access to Resources inside the folder, such as Dashboards, Datasets, or child folders.
  • When Bulk Authorization is enabled, only folder Owners and Users can see the Bulk Authorization entry in the operations column.
    • Folder Owners can configure bulk authorization.
    • Users can browse the bulk authorization list but cannot modify it.

Authorization Methods

Single-Resource Authorization

Overview

Single-Resource authorization is used for fine-grained permission management on a single data Resource.

In daily enterprise operations, it is often necessary to assign customized permissions to important Resources such as core business Dashboards or sensitive Datasets. To meet this requirement, the platform provides Single-Resource authorization so that you can:

  • Configure precise permission settings at the user or user group level for individual Resources such as a Dashboard page, Dataset, ETL, or folder.
  • Assign different permission levels, including Owner, User, Visitor, or Allow Export, to different users or user groups.

Users Who Can Perform Single-Resource Authorization

  • The Owner of the Resource
  • A Group Administrator who has Visitor or Owner permissions for the Resource
  • An administrator

Procedure

  1. Enter the management page: click Admin Center > Resource Management > Resource Permission Management to enter the Resource Permission Management page.

  2. Select a specific Resource: choose Pages, Datasets, or Folders, and locate the specific Resource whose permissions you want to configure.

  3. Add users or user groups: click Add User or User Group in the upper-right corner, search for a user or group, and assign the Owner or Visitor role to currently unauthorized users. Select Allow Export if you want to allow that user or user group to export the Resource.

  4. For Pages and Datasets, you can configure whether a user is allowed to export. If you want to configure export permission separately for a specific Owner or Visitor, simply choose whether to select Allow Export.

  5. Remove permissions: click the delete action for a specific user or user group to remove that user's or group's permission for the Resource.

  6. Enable Inherit from Parent by selecting the checkbox. This means the preset permissions configured in Bulk Authorization on the folder can be applied directly to the current Resource. For details, see Bulk Authorization.

Bulk Authorization

Overview

Bulk Authorization is used to manage distributed data Resources in a unified way.

Large numbers of Datasets, Dashboards, and other Pages are typically organized into different folders. Resources within the same folder often share the same audience. To make permission management easier, the platform provides folder-based Bulk Authorization, which allows you to:

  • Configure a bulk authorization list on a folder so that it takes effect for all Pages, Datasets, and other supported Resources within that folder.
  • Exclude specific Pages or Datasets from inheriting the bulk authorization list from the parent folder when separate control is required.
Description

In the current version, only Dashboards, big screens, and Datasets support Bulk Authorization. If you need more related capabilities, please contact your support representative.

Entry Points

  • Entry 1: Go to Admin Center > Resource Management > Resource Permission Management, then select a folder to perform Bulk Authorization.

  • Entry 2: On the Page or Dataset interface, select a folder to perform Bulk Authorization directly.

Procedure

  1. Enter the configuration page: go to Admin Center > Resource Management > Resource Permission Management and select a folder for Bulk Authorization, or directly select a folder on the Dashboard, big screen, or Dataset page.

  2. Configure the bulk authorization list: in the Bulk Authorization settings window, add or remove users or user groups and set the corresponding permissions.

  3. Apply Bulk Authorization: in the permission management window for a specific Resource, select Inherit from Parent to apply the Bulk Authorization settings.

Additional Notes

  1. Permissions must be revoked from the place where they were granted. Therefore, if User A obtained permission to a Dashboard, big screen, or Dataset through Bulk Authorization, the corresponding permission must also be removed from the Bulk Authorization settings rather than directly from the Page or Dataset.

  2. Inheriting Bulk Authorization from the parent folder means inheriting from the nearest folder above the current Resource. For example, if folder F1 Sales Department contains child folder F2 East China Sales Team, and F2 East China Sales Team contains the Dashboard P3 East China Target Achievement, then:

     - If F1 has Bulk Authorization configured and F2 does not, selecting `Inherit from Parent` for P3 means P3 inherits the Bulk Authorization from F1.
     - If both F1 and F2 have Bulk Authorization configured, selecting `Inherit from Parent` for P3 means P3 inherits the Bulk Authorization from F2.

For more guidance on permission management, visit the Guandata video tutorial website.