Recently, Quick Audience has completed a comprehensive upgrade of the permission system, which can solve the demands of different brands, different operating organizations and different consumers of the group enterprise, guarantee the security of enterprise data access in a fine way, and improve the flexibility of management and control.
The whole system of Quick Audience is divided into two layers: organization management and work space. An organization can contain multiple workspaces, and the data in each workspace is isolated.
At the organizational level, the organization administrator has the highest authority of the system and can operate and manage data and functions of all Spaces. Spatial level, divided into administrator, developer, analyst, and custom roles, the scope of authority is limited in this space.
In practical application, if there are multiple brands in the group, data isolation is needed between them. It is suggested to directly correspond the “organization” in the Quick Audience system to the “group” and each “workspace” to each “brand” subordinate to the group. Group managers control and delegate table rights at the organizational level of the system, so that different original table data can be seen in different workspaces. At the same time, each space also has a certain degree of operational autonomy, so that space personnel can operate and control.
In addition to the analysis based on the group’s data, it can also bind the brand’s own data sources for data analysis.
Without a brand data isolation scenario, there is no need to divide multiple workspaces and just work within the default space.
The following will be a detailed introduction from the two aspects of data control and personnel control.
1. Data control, which can only be operated by organizational administrators, can be set in the Management Center/Organization Management/Data Authorization. The realization process is as follows: First, complete the creation of data source
Click the operation function of data to set permissions. Through table permissions, row permissions and column permissions, different degrees of data control can be realized.
• If a table belongs to a workspace, you can set it with table permissions.
• If A membership table contains both brand A’s and brand B’s member data, row filtering can be performed on the specified fields through the row-level permission function.
• If some of the label columns in the membership table are exclusive to a workspace, they can be set by column permissions. Row and column permissions can be used at the same time to achieve precise data control.
2. Personnel control, which is divided into two scenarios: organization and workspace. • Organizational administrators can carry out global control, which can be set in the management center/organization management/organization members, mainly to complete the operation of adding and deleting members of the organization and modifying roles.
• The space administrator can only control the members in this space, which can be set in the management center/workspace/space member management, mainly to complete the increase and decrease of space members, role management and user group setting.
The original link
This article is the original content of Aliyun, shall not be reproduced without permission.
