User Management
1. Overview of User Management
User management refers to the management of user account information by administrators for users of the BI product. In addition to basic operations such as adding, modifying, and deleting users, administrators (i.e., permission assigners) can assign specific functional roles to users based on the functions they need to use. User management mainly includes: user, user group, role, and user basic attribute management.
-
User: The system user who has an account for Guanyuan Data products;
-
User Group: A grouping of system users, where users belonging to the same subsidiary, department, or team can be set as the same user group;
-
Role: A custom identity with specified functional permissions, serving as a platform functional role, which is different from typical business roles (manager, finance, etc.).
2. User
2.1 Viewing User Information
First, click the "Management Center" button in the upper right corner of the page to enter the management center interface.
Next, select the "User" option in the user management section to see the list of users in the company domain. Select a user to view detailed information and perform specific operations.
Then, click the "New User" button above the user list to add a new user to the current company domain.
The name, email, password, and role of the new user are required fields, while others are optional. Administrators can also batch create users by downloading a template table. Click the "..." button on the right to batch export existing users.
Finally, the left panel allows you to quickly switch between enabled or disabled user lists; click the icon on the right to batch enable/disable users.
Note: By default, disabled users are not returned in user searches. If you need to restore previous behavior (searching for disabled users), contact technical support to set the feature switch.
2.2 User Information Management
Edit User Information
Click the "Edit" button in the upper right corner of the page to add, modify, and improve user information.
The basic information tab includes basic information (name, account, etc.) and other information (WeChat Work account, department, etc.).
Note: There may be cases where multiple users share the same mobile phone number or email. For this situation, Guanyuan BI does not enforce uniqueness checks on user mobile numbers and emails. Different users can use the same mobile number and email.
Switch to the permissions information tab to configure user permissions information (account type, role, etc.).
User Permission Transfer
User permission migration supports partial migration, i.e., choosing to transfer only owner/visitor permissions (when a user has both owner and visitor permissions, it is considered owner permission here). It also supports selecting the permission scope by resource type. For example, if person A was previously responsible for data processing and analysis, but now only for data processing, and person B is responsible for data analysis, then dashboard and application permissions can be transferred to person B. The recipient supports unified addition (all copied/transferred to the recipient) or type-based addition (owner resources to one person, visitor resources to another). Note that in transfer mode, there is the concept of a single resource owner, such as ETL owners can only be one person, and the recipient can only be one person.
Permission Transfer Operation: Supports copy and transfer modes. Copy mode retains the original user's permissions, while transfer mode does not.
Click the "Transfer" button in the upper right corner of the page to transfer all permissions of the user to other users or user groups. This operation will transfer all resources (cards, pages, datasets, ETL, data accounts, form entry, data screens, subscriptions, alerts, custom maps, light applications, desktop applications, slides, task monitoring, notification management) owned by the user. After the transfer, the user will no longer be allowed to edit the resources they previously owned. Please operate with caution.
Entry: Management Center > User Management > User > Permission Transfer
Partial migration is supported, i.e., choosing to transfer only owner/visitor permissions (when a user has both owner and visitor permissions, it is considered owner permission here).
It also supports selecting the permission scope by resource type. For example, if person A was previously responsible for data processing and analysis, but now only for data processing, and person B is responsible for data analysis, then dashboard and application permissions can be transferred to person B.
The recipient supports unified addition (all copied/transferred to the recipient) or type-based addition (owner resources to one person, visitor resources to another).
Note: In transfer mode, there is the concept of a single resource owner, such as ETL owners can only be one person, and the recipient can only be one person.
Note: When transferring form entry permissions, if the permission is owner and there are multiple recipients, the data set access account permission will be randomly transferred to any user.
(1) Transferable Resources
If the user is the owner of a resource, the "transfer" permission to the new user grants the new user owner permission for the resource, including the following:
| No. | Module to Transfer | Content Included |
|---|---|---|
| 1 | Card | ~ |
| 2 | Page | ~ |
| 3 | Dataset | ~ |
| 4 | ETL | ~ |
| 5 | Data Account | ~ |
| 6 | Form Entry | ~ |
| 7 | Dataset Permission Template | ~ |
| 8 | Folder | ~ |
| 9 | Composite Report | ~ |
| 10 | Data Screen | ~ |
| 11 | Subscription | Card subscription, merged subscription, page subscription, dataset subscription |
| 12 | Alert | Card alert, dataset alert |
| 13 | Custom Map | ~ |
| 14 | Light Application | ~ |
| 15 | Desktop Application | ~ |
| 16 | Slide | ~ |
| 17 | Task Monitoring | Owner, recipient |
| 18 | Notification Management | ~ |
(2) Transfer Message Prompt
- After the transfer, a pop-up window will prompt which contents were successfully transferred and which failed.
.png)
Note: If the user stays on the current page, there will be a relevant prompt; if the user leaves or switches windows, the message will not be prompted on the interface.
(3) Deletion Check
- If the user still has resources not transferred, the user cannot be deleted;
(4) Role Restrictions During Transfer
Can only be transferred to a higher account type, as follows:
-
Administrator can only transfer to administrator;
-
Regular users can only transfer to administrator or regular user;
-
Read-only users can transfer to: administrator, regular user.
Note: After the transfer, the recipient's account type does not change.
(5) Other Explanations
During transfer, the user group and role information of the transferred user are not processed.
Add Role/User Group
Switch to the "Permission Information" tab and select a role to add. The user will become a member of the selected role. The operation to add a user group is the same.
View User Resource Permissions
Switch to the "Permission Information" tab and click the "Edit" button in the upper right corner to modify the user's permissions for dashboards, datasets, and folders. Permissions include visitor, owner, and exporter.
- Owner: Usually the creator of the resource. The owner can share the resource's permissions with other users.
- Visitor: Can only view, not edit the resource.
- Exporter: Can export the resource.
3. Role Settings
Roles are specific permission groups assigned by administrators to each account, and each role has its corresponding functional permission information.
a. The system has three preset account roles: read-only user, regular user, and administrator.
b. System roles mainly refer to group administrators. When the group administrator function is enabled, you can see the list of group administrator members and the user groups each group administrator can manage in user management. For more information about group administrators, please click to view [Group Administrator](3-Group Administrator.md).
c. Custom roles: Support creating custom roles and assigning corresponding functional permissions as needed.
4. User Group Settings
User groups are used to classify and assign users, allowing enterprise administrators to manage various user permissions more directly and conveniently.
4.1 Create User Group
In Management Center > User Management > User Group, select "User Group" in the left list to see the list of user groups in the company domain. Ways to create a user group:
Method 1: Click the "New User Group" button above the list.
Method 2: Create under a sub-user group.
If many user groups were created in the early stages of product use and account synchronization was enabled later, you can configure the account sync ID for manually created user groups. Enter the user group details page, click the edit button for basic information to enter edit mode, maintain the external ID information, and save.
Note:
After maintaining the external ID, if account synchronization is also enabled, ensure that the user group dataset contains the external ID, otherwise, user groups may be deleted by mistake.
The external ID of user groups created via Public API is not the same as the external ID for account synchronization. Please distinguish between them.
4.2 Edit User Group Details
Select a user group to view its details, including the number of sub-user groups, users, and members in the group. Select the corresponding sub-user group or member to add to the group. You can also delete existing users.
4.3 View User Group Permissions
Switch to the "Permission Information" tab to edit user group permissions, similar to user permission editing.
4.4 Move User Group
Click the "Move" button in the upper right corner of the user group details page to move the user group and modify the organizational hierarchy.
4.5 Transfer User Group Permissions
Click the "Transfer" button to transfer the resources (cards, pages, datasets, ETL, data accounts) owned by the user group to another user group. After the transfer, the user group will no longer be allowed to edit the resources it currently owns.
5. User Basic Attribute Management
User basic attribute management refers to the addition and modification of users' basic information by administrators. Basic attributes include name, account, email, etc.
5.1 Basic Attribute Settings
In the management center interface, select "User Basic Attribute Management" in the left list to manage user-related information.
The system's default basic attributes are: name, email, mobile, and role. Enterprises can configure additional user basic attributes as needed for easier management. Row and column permissions can directly use user basic attributes for settings.
When a new attribute is added here, it will also be displayed when creating a new user or setting row permissions.
Note: Do not use the same name as an existing attribute.
5.2 Batch Settings
When you need to modify a large number of user attribute information, to save time, you can use "Batch Upload" to download the template table, modify the information, and then upload it to quickly update user attribute information.
6. Account Synchronization
Supports automated creation, modification, disabling, and deletion of users and user groups through specified datasets. For more information, please refer to the [Account Synchronization](1-Account Synchronization.md) document.
Note: To reduce the risk of users being mistakenly deleted due to misconfiguration, please configure the anti-deletion policy first.
Supports setting the maximum number of accounts/user groups that can be deleted in a single account synchronization. If the number of accounts to be deleted in a batch exceeds the set limit due to problematic datasets, the system will not automatically perform the synchronization to ensure users are not mistakenly deleted. You need to modify the limit or run manually to restart the synchronization.
-
Maximum number of users to delete in account synchronization: If the number of users to be deleted in a batch exceeds this limit, the user synchronization will fail.
-
Maximum number of user groups to delete in account synchronization: If the number of user groups to be deleted in a batch exceeds this limit, the user group synchronization will fail.
-
Handling of user accounts deleted in the account synchronization dataset: For accounts that should be deleted in the synchronization operation, you can choose to disable instead of delete.
7. Permission Rules
Permission management rules include data export permission control, group permission control, group administrator settings, and resource authorization scope control. Users can choose to enable or modify these settings in permission rules. For details, see [Permission Rules](2-Permission Rules.md).