Skip to main content

Group Administrator

1. Overview of Group Administrator

A group administrator is a way to delegate administrator privileges. Administrators can set group administrators and grant them certain user management permissions, allowing group administrators to manage members within their group.

2. Value of Group Administrator

Large group enterprises have many people, large scale, and complex organizational structures, making centralized management costly. With the group administrator function, enterprises with multiple organizational structures can delegate user management permissions to subsidiaries or departments, allowing group administrators to assist in managing group members and sub-user groups, reducing the burden on system administrators.

3. Enabling Group Administrator

As an administrator, you can enable the group administrator button via "Management Center - Permission Management - Permission Rules - Group Administrator Settings".

After enabling, you can set the following:

  • Allow group administrators to create new users: This feature is enabled by default. When enabled, group administrators can create and batch create users in the user management interface.

  • Allow group administrators to authorize visitor permission resources: This feature is enabled by default. If unchecked, group administrators can only authorize resources for which they have owner permission.

  • Allow group administrators to manage sub-user groups: If not allowed, only group administrators in the whitelist user groups can assign sub-user group administrators; others are not allowed.

image.png

Note: Different enterprises have different regulations on the scope of operations for group administrators. Therefore, whether group administrators are allowed to modify the organizational structure is configurable, and enterprises can configure it according to their own situation.

4. Group Administrator Permissions

If a regular user becomes a group administrator, they will have the following additional permissions.

|450

As a group administrator, after logging in, you will have access to user management and resource management modules.

4.1 User Management

4.1.1 User Management

Step 1: Create a new user.

When creating a new user, click the "New User" button in the upper left corner, fill in basic information, permission information, and other information.

  • Supports batch creation, batch export, and batch modification of users;

  • In permission rules, if "Allow group administrators to create new users" is disabled, group administrators do not have permission to create new users;

  • Cannot create administrator accounts;

  • New users must belong to a user group managed by the group administrator.

|650

Step 2: Manage users within the group.

  • Regular users within the group can be added, deleted, modified, and viewed at will.

  • If a user within the group is an administrator or group administrator, they cannot be deleted, their account type cannot be modified, and their password cannot be reset. Other user attributes can be modified.

  • When modifying a user's user group, only user groups managed by the group administrator can be selected.

4.1.2 User Group Management

Group administrators can only manage user groups for which they are group administrators and their sub-user groups.

Operations include:

  • User group name: The user group where the group administrator is located cannot be modified. Sub-user groups can be modified if allowed to modify the user group structure.

  • Add/delete sub-user groups: Can be modified if allowed to modify the user group structure.

  • Group administrator: Can only view, not modify.

  • Role: Can add roles that the group administrator already has (i.e., roles granted by the administrator to the group administrator).

  • Default page for user group: Can be added. Only dashboards can be added.

  • Group members: Can add users managed by the group administrator; can remove regular members from the group; if also a group administrator, cannot be removed (only administrators can remove).

4.2 Resource Management

In resource management, only page resources are exposed, and you can see the resources that the group administrator has permission for.

Note: If you are the owner, you can edit and delete; if you are a visitor, you can only view, with no edit or delete options.

When the group administrator is a visitor, they can view page information and resource permissions but cannot modify them. Click "Resource Permissions" to jump to the resource permission management page.

4.3 Permission Management

For group administrators, as long as they are a visitor/user/owner of a resource (not necessarily the owner), they can see the "Permission Management" operation entry for the corresponding resource. Group administrators:

  • If they are a visitor to the resource, they can only add/delete/modify visitors, not operate on owners;

  • If they are the owner of the resource, they can operate on both visitors and owners.

4.3.1 User Permission Configuration

In user permission configuration, group administrators can edit resources they have permission for and batch authorize dashboards, datasets, and folders for group members.

  • Group administrators can authorize resources for which they are visitors or owners. When authorizing downwards, if they are a visitor, they can only assign visitor permissions; if they are an owner, they can assign both visitor and owner permissions.

  • For resources of group members that the group administrator does not have permission for, they cannot assign permissions downwards.

|650

4.3.2 Role Permission Configuration

Only roles authorized by the administrator can be seen, but cannot be modified.

image.png

4.3.3 Resource Permission Management

In resource permission management, you can see the resources you have permission for and edit them.

As with the single resource authorization window, if you are a visitor, you can only add visitors; if you are an owner, you can perform all operations.

image.png