Skip to main content

Permission Rules

1. Overview of Permission Rules

Permission management rules include data export permission control, group permission control, group administrator settings, and resource authorization scope control. Users can choose to enable or modify these settings in permission rules.

2. Scope of Resource Permission Authorization Objects

In permission rules, you can set the scope of resource permission authorization objects.

There are three types:

  • Allow authorization to all user groups and users;

  • Only allow authorization to your own user group, its users, and sub-user groups, including users in sub-user groups (when the current user is a regular member or group administrator);

    • Visible range in the permission management list: your own group and its users and sub-user groups

image.png

  • Only allow authorization to user groups you manage, their users, and sub-user groups, including users in sub-user groups (when the current user is a group administrator).

    • Visible range in the permission management list: user groups you manage and their users and sub-user groups

Note: Administrators can always authorize all user groups and users.

3. Types of Resource Permission Authorization Objects

In permission rules - types of resource permission authorization objects, you can choose whether to allow users to assign permissions to user groups. If not allowed, you can add users to the whitelist for special handling. Users in the whitelist are allowed to assign permissions to user groups.

image.png

4. Group Administrator Settings

In permission rules, administrators can choose whether to enable group administrators. If enabled, the following settings can be made:

  • "Allow group administrators to create new users": This feature is enabled by default. To disable it, go to "Management Center - Permission Management - Permission Rules - Group Administrator Settings". When enabled, group administrators can create and batch create users in the user management interface.

  • "Allow group administrators to manage sub-user groups": When not allowed, you can add user groups to the whitelist for special handling. Here you can add/remove whitelist user groups. For details, see [Group Administrator](3-Group Administrator.md).

image.png