Permission Management Overview

Quick Start: Configure User Permissions in 5 Minutes

If this is your first time configuring permissions, it is recommended that you follow these steps:

1. Set the account type
2. Assign feature permissions
3. Configure resource permissions
4. Optional: set data permissions

Typical scenario: let a new employee view only sales reports

Step	Action	Configuration Path
1	Set the user account type to Read-Only User	Admin Center > User Management > Users > Permission Information > Account Type
2	Assign the Dashboard Viewer role to the user	Admin Center > User Management > Users > Permission Information > Custom Roles
3	Authorize the sales report folder to the user	Data Analysis > Folder > Batch Authorization
4	Optional: configure row- and column-level permissions	Data Preparation > Dataset > Data Security > Row and Column Permissions

Guandata Product Permission Framework

Permissions in Guandata BI are divided into feature permissions, resource permissions, and data permissions. They determine whether you can use a function module, open a page or Dataset, and view specific parts of the data.

Concept	Description	Example	Learning Path
Feature Permissions	Control access to features, as well as actions such as create and edit	Users in User Group A can edit dashboards but cannot edit Datasets	Feature Permissions
Resource Permissions	Control operations such as view and edit on specific business resources, such as Dashboards, Datasets, and ETL jobs	One dashboard called Daily Operations Report can be viewed by 5 user groups and edited by 2 users	Resource Permissions
Data Permissions	Control the final visible scope of data and fields	Users in the sales group cannot view the Cost field in Dataset A Users in the East China sales group can view only East China sales data	Row- and Column-Level Permissions

Permission Verification

When the system verifies permissions, it checks feature permissions, resource permissions, and data permissions at the same time, forming a three-layer authorization mechanism. Only when all three layers are satisfied can the user access the data normally.

Permission Configuration Entry Points

Permission Type	Where It Is Configured	Path
Feature Permissions	Role	Admin Center > User Management > Roles > Select Role > Role Permissions
Resource Permissions	Specific resource	Resource Detail Page > Permission Management
Data Permissions	Dataset	Data Preparation > Dataset > Select Dataset > Data Security > Row and Column Permissions

Permission Verification Logic

The system checks whether a user can access data according to the following logic:

1. Feature permission check: does the role assigned to the user include permission for this feature?
2. Resource permission check: does the user have view or edit permission for this resource?
3. Data permission check: is the user allowed to view this data content?

Example: to export a dashboard, the user must satisfy all of the following

Check Layer	Requirement	Configuration Location
Feature Permissions	Has the Dashboard Export feature permission	Role permission configuration
Resource Permissions	Has the Exporter permission on the dashboard	Dashboard permission management
Data Permissions	Has permission to view the data inside the dashboard	Dataset row- and column-level permissions

Note

These three layers are in an AND relationship. All of them must be satisfied. If any one is missing, the operation is denied.

Permission Verification Quick Reference

Feature Permissions	Resource Permissions	Data Permissions	Result	Troubleshooting Suggestion
✅ Yes	✅ Yes	✅ Yes	✅ Full data can be viewed	—
✅ Yes	✅ Yes	⚠️ Restricted	⚠️ Only part of the data can be viewed	Check row- and column-level permission settings
✅ Yes	❌ No	✅ Yes	❌ Resource cannot be opened	Check resource permission settings
✅ Yes	❌ No	❌ No	❌ Resource cannot be opened	Check resource permissions first
❌ No	—	—	❌ Feature entry is not visible	Check role permission configuration

Permission-Related Concepts

Permission Rules

A set of configuration items used to accommodate different enterprise requirements for how strict permission control should be. It is used to control:

• who can grant permissions
• which users or user groups can receive permissions

Examples:

• Allow permissions to be granted only to the user's own user group
• Disallow granting permissions to user groups

Direct Authorization

Directly configure permissions for a specific user.

Permission Type	Description
Feature Permissions	Directly associate a role with a user. The user then receives the feature permissions configured on that role
Resource Permissions	Directly grant permissions to a specific user
Data Permissions	Directly configure row- and column-level permissions for a specific user on a Dataset

Indirect Authorization

The user inherits permissions through another object.

Permission Type	Indirect Authorization Method	Description
Feature Permissions	User Group	The user inherits feature permissions from the user group
Resource Permissions	Folder / User Group	The user inherits permissions through folder-based batch authorization or a user group
Data Permissions	User Group / Permission Template	The user obtains row- and column-level permission rules through a user group or permission template

Batch Authorization

Batch authorization is used to configure permissions for multiple users or resources at one time.

Permission Type	Batch Method	Description
Feature Permissions	User Group	Batch authorization based on user groups. Members of the group inherit the feature permissions associated with the roles linked to the group
Resource Permissions	Folder	Batch authorization based on folders. Resources inside the folder can inherit the same resource permission settings
Data Permissions	Permission Template	Configure row- and column-level permissions through a data security template and associate it with specific Datasets. Permission templates can be reused when configuring row- and column-level rules