Recently, Quick Audience has completed a comprehensive upgrade of the permission systemTo solve the demands of different brands, operating organizations and consumers of group enterprises, to ensure the security of enterprise data access and improve the flexibility of control.
Quick Audience The whole system is divided into two layers: organization management and working space. An organization can contain multiple workspaces, and data for each workspace is isolated.
At the organization level, organization administrators have the highest rights to manage data and functions in all Spaces. At the space level, there are administrators, developers, analysts, and custom roles. The scope of permissions is limited to this space.
In practical application, if there are multiple brands in the group, data isolation between them is required. It is suggested to directly set “organization” in the Quick Audience system to “group”, and each “workspace” to each “brand” subordinate to the group. Group management personnel control and delegate table permissions at the organizational level of the system, so that different original table data can be seen in different workspaces. Meanwhile, each space also has a certain degree of operation autonomy, which can carry out the operation control of space personnel.
While analyzing according to the group’s data, it can also bind the brand’s own data source for data analysis.
If there is no branded data isolation scenario, you do not need to divide multiple workspaces and only need to operate in the default space.
The following will introduce data control and personnel control in detail.
1. Data control, which only organization administrators can operate, is set in the management center/Organization Management/Data Authorization. The implementation process is as follows:
Start by creating the data source
Click the operation function of data to set permissions To control data in different degrees by table permissions, row permissions, and column permissions.
- If a table is exclusive to a workspace, you can set it with table permissions.
- If A member table contains both the member data of brand A and the member data of brand B, row filtering can be performed on the specified field through the row-level permission function.
- If some of the label columns in the membership table are exclusive to a workspace, you can set them with column permissions. Row and column permissions can be used at the same time to achieve precise data control.
2. Personnel control, divided into two scenarios: organization and workspace.
-
An organization administrator can perform global management control and configure this function in the management center, organization management, and organization members to add or delete organization members and modify their roles.
-
Space administrators can only manage and control space members, which can be configured in the management center, workspace, and space member management. Space administrators can add or subtract space members, manage roles, and set user groups.
The original link
This article is the original content of Aliyun and shall not be reproduced without permission.