App Settings

Each user with administrative privileges for an application (specifically, their own applications in the personal zone, and applications in team spaces and data markets for which they have administrative privileges) will have a settings menu. In this settings menu, you can set the data permission mode for the app, and set row permissions for datasets. You can also enable the sharing link for the application in the application settings, and set the chart interaction in the sharing link.

Application Devices

Dashboards have different display styles on desktop and mobile devices. Application settings now include application device settings, and the corresponding device's editing page is rendered according to the configuration, making it more convenient for users who only use a single display device.

The image below shows examples on both desktop and mobile devices.

The display device can be modified at any time during the app editing process. The display device of the app will be presented on the card. Query apps only support display on PC.

Read-Only Mode Interaction Settings

The interactive permissions that can be set when sharing a public link include: viewing detailed data, exporting data;

When sharing a public link, the default interaction permissions are: viewing detailed data is not allowed, and exporting data is not allowed. After sharing according to the default settings, operations such as viewing detailed data and exporting data in the shared link will not be available.

View Data

When the interaction permission is set to "View Detailed Data", there are two formats for viewing data in the shared link chart:

The first method: Select a dimension group, click to bring up, and select Details to view the data details of the current group.

The second method: Click View Data in the upper right corner to view the detailed data of the fields used in the current chart.

Caution

Chart Click Interaction Behavior set to No Response, when the app is published, regardless of whether "View Data" or "Drill Down" is checked, clicking on chart dimensions in the shared link will not respond, meaning the hexagon menu will not pop up.

Export Data

In the case where Export Data is checked for interaction permissions, aggregated data and detailed data of the chart can be exported from the shared link:

• Export Data from Charts in Dashboards

  In a dashboard, select a chart and click Export Data to export the aggregated data of the chart:

• Export Data in Chart

  In the chart, click the export button to expand the dropdown, and select Export Data to export the aggregated result data of the chart:

• Download data from the View Data in the upper right corner

  In the chart, click View Data in the upper right corner, and in the pop-up window, select Download Data to download the detailed data of the chart:

• Download Data in Grouped Chart Details

  In the chart, select a dimension group and click Details. In the pop-up window, select Download Data to download the detailed data of the selected group. For example, when viewing data for the "2020/6" group:

Data Permissions

By setting data permissions for the application, users can only view and use data within the permitted scope, achieving data distribution. Administrators can decide which data users can see when accessing the application.

Data permissions are divided into three types: App Author, Dataset Author, and User; when creating an App, the App defaults to App Author permission.

App Author

Using the App Author permission, it is primarily used for scenarios where analysts build analytical models, and all users with access to the app within the system can view the complete data within the app created by the analyst without the need for additional permission settings.

All accounts with access to the application can see the same data as the application creator.

The administrator of the application can set row-level permissions on datasets to restrict data access. Accounts with access to the application that have been granted row-level permissions will see data that is a combination of the application owner's data and the data allowed by the row-level permissions.

Dataset Author

Dataset authors, using the data published by creators to deploy applications, achieve the reporting and sharing of operational indicators, enabling relevant teams to promptly discover and adjust strategic directions.

Using Dataset Author permissions is also a form of sharing within the system. The publisher can set permission controls within the app to specify which accounts can access the app and the data access scope for each account, thereby granting read permissions for the app to designated users.

The administrator of the application can add rules to the dataset, and non-administrator accounts with access to the application will see data that is based on the dataset owner's view with added row-level permissions.

User

Use user data to control the scope of user access to data through permissions on the data connection, making it easy for enterprises to build rich data applications embedded in different business systems using HENGSHI SENSE products.

Using user data is a form of sharing within the system. Any account with access to the application, as specified by the application publisher during permission control setup, will have visibility over the data scope within the application, which is governed by the connected permission control.

In User mode, the engine feature is unavailable. Additionally, row-level permissions do not take effect in this mode, and data viewing is controlled by the current account's connection permissions.

Caution

Switching to User is not allowed if there are datasets imported by the engine in the app.

Permission Control

In the mode of using App Author permissions and using Dataset Author permissions, application administrators can set permissions for datasets, including row permissions and column permissions.

Tip

When the data permission setting uses the User permission mode, the application administrator cannot set permissions for the dataset.

Row Permissions Addition Rules

Open the permission control settings page, click the plus sign next to the row permission rule, and add row permissions for the dataset.

• Step 1 Select User Click on the user to select the user for whom row permissions need to be set. These users will be able to see data that meets the row permission rules.

• Step 2 Select Permission Setting Method, Supporting Simple Filtering and Expression Filtering

  In the case of simple filtering, the comparison value in row permissions can be a parameter value, and in some cases, user attributes can also be selected.

  Row permissions can select comparison conditions based on user attributes:

  • Text: Except for empty/not empty, all comparison methods can select user attributes as the comparison value;

  • Number: The comparison values for the equal/not equal comparison methods can select user attributes;

  • Date: The comparison values for the equal/not equal comparison methods can select user attributes;

  Select multiple datasets and add row permission controls for each. The row permissions here can be "and" or "or" relationships. In the first dropdown, select the dataset to which you want to add row permissions, and in the second dropdown, select the field, specify the comparison method, and the comparison value.

  • Parameter Value

    Comparison method selects parameter value:

    For example: Add row permissions for the selected users in User, and add row permissions for two datasets separately: Dataset Manufacturing Sales Data: The visible data is only the rows where the field "Region" is equal to the parameter value "Location".

    

  • User Attribute

    Comparison method selects user attribute (see User Management for setting user attributes):

    For example: Add row permissions for the users selected in the rule "Area Manager":

    Dataset User Attribute: The field "Region" is equal to "User Attribute". In the dropdown connected to the user attribute, all user attributes in the system will be listed. Select the user attribute Province Attribute:

    

    When users within this rule access the application, in charts that depend on the User Attribute dataset, they can only see the rows where the field "Region" is equal to their own user attribute value.

• Step 3 Preview

  Click Preview to preview the data. When previewing, you can switch datasets to view which data is visible for all datasets with added rules.

  

• Step 4 Save

  Click Save, the rule is added successfully, and the window closes.

Column Permission Addition Rules

Control the visibility of dataset fields to users through column permissions. When a column permission is set for a specific field in a dataset, users will not be able to see that field when viewing the dataset.

Setting permission rules is relatively simple. Select the user, dataset, and fields that are invisible to the user, then click Save.

Editing Rules

Click the Edit button on the rule to edit the already set permission rules.

Delete Rules

Click the Delete button on the right side of the rule to delete the set permission rule.

Caution

Row-level permissions set on datasets will not be propagated downstream, for example: dataset C = A join B, row-level permissions are set on dataset A and B respectively: A where a = $user.a and B where b = $user.b, then the tableSql of C is A join B, and will not be A where a = user.a join B where b = $user.b If users need to control permissions, additional row-level permissions need to be set on C.

Calculation Method Between Rules

• Intersection of row permissions and column permissions For the same user and the same dataset, the dataset after the row permissions and column permissions are applied is the intersection.

• Union of multiple rules within row permissions or column permissions For the same user and the same dataset, if multiple rules are created, the final effective permissions are the union of the rules.

For example, in Rule 1, User A is granted access to data in the "Beijing" region, and in Rule 2, User A is granted access to data in the "Shanghai" region. Ultimately, User A can access data in both the "Beijing" and "Shanghai" regions.

Relationship Between Connection Permissions, Data Permissions, and Row Permissions Control

Connection permission control is the first line of defense, controlling who can access the data connection and what data they can access when accessing the data connection.

Data permissions control which data users should see when accessing the dataset in the application: the application author's, the dataset author's, or the user's own.

Row permission control is the further control of dataset data distribution after determining the data permission mode of the application, i.e., the data of the dataset.

Chart Data Cache Period

The chart data cache period refers to the time period during which the chart data for each query is read from the cache. The default is 3600 seconds, or 1 hour. This means that the chart data is stored in the cache for 1 hour, and the system refreshes the data when the cache period is exceeded.

Each app supports custom settings for chart data cache periods. If not set, chart data updates will follow the time specified in System Settings -> Chart Data Cache Period.

Date Attribute Settings

The system date display format is fixed from Monday to Sunday, but different business statistical cycles vary. Some business statistical cycles start from Sunday to Saturday. In this case, you can customize the start date of each week through date settings, making it convenient for users to perform data cycle statistics, year-over-year and month-over-month comparisons, and other operations.

Date attribute settings take effect across the entire application. Date-related parameter controls, date filters, and other controls within the application will display according to the configured date attributes. Period calculations such as year-over-year and month-over-month comparisons will also be calculated based on the configured date attributes.

Paginator Settings

Please refer to App Page Turner for detailed usage of the page turner.

Global Carousel

Global rotation refers to the rotation display of dashboards within an app in full-screen mode. It supports two methods: sequential rotation and random rotation. The rotation interval can be set to 5 seconds, 10 seconds, 30 seconds, 60 seconds, 120 seconds, 5 minutes, 10 minutes, 15 minutes, or 20 minutes. After enabling automatic rotation, the app will automatically rotate the dashboards according to the settings when entering full-screen mode.

Public Link

When selecting the App Author permission or the Dataset Author permission, a sharing link can be generated (not available for User). Both system users and non-logged-in users can view the app through the shared link.

Please note

Public links are not subject to the restrictions of Row Permissions Control in App Settings. That is, regardless of whether the user is logged in, the data seen through the public link is filtered based on the data connection permissions of the Dataset Author or App Author, and row permissions do not take effect. In the mode using the Viewer permission, the public link button is not enabled.

Public Link Settings

The public link for the app supports the following settings.

Public Link QR Code

App public links support sharing via QR codes. Click the QR code on the right to obtain it. Mobile users can view the app by scanning the code, making sharing more convenient and faster.

Hide Dashboard Title

When "Do not display dashboard" is checked, the dashboard title at the top (highlighted in the red box) will not be displayed when previewing the public link. The "Full Screen", "Refresh", and "Export" function buttons on the right side of the dashboard title will also not be displayed. Corresponding parameters will be generated in the app link.

Hide Paginator

When "Do not display pager" is checked, the pager (highlighted in the red box in the image) will not be displayed when previewing the public link. Corresponding parameters will also be generated in the application link.

Password Required Access

For users outside the system, you can share dashboard-related information using a public link + password method to protect data security. The system is configured with a random password by default, and also supports users to edit and define the public link password themselves.

HMAC Signature Protection

Many enterprises are highly sensitive to data and do not wish for it to be viewed indiscriminately. Therefore, to ensure the security of shared URL filtering, we have added HMAC hash verification functionality in App Settings -> Public Links.

The specific steps are as follows:

1. The system administrator enables HMAC signature protection in Settings -> Security Policy -> Data Privacy Protection.

Only when HMAC signature protection is enabled in Settings -> Security Policy -> Data Privacy Protection can users see the key and copy the key.

2. Users enable Public Link and HMAC Signature Protection in App Settings -> Public Link.

• When HMAC signature protection is enabled, the expiration time can be set as needed. If not set or set to 0, there is no expiration time. The calculation of the expiration time is valid within the interval before and after the current time. For example, if the expiration time is set to 60 seconds and the HENGSHI server time is 2021-01-01 10:10:10, the public link will be valid between 2021-01-01 10:09:10 and 2021-01-01 10:11:10.

3. When an unauthenticated user accesses a public link, they will be prompted with "Parameter verification failed."

4. When accessing a public link, a signature must be calculated to embed the shared URL. Click on the signature icon, fill in the popup according to the example, and click calculate to obtain the signature result.

5. The format of the embedded shared URL is: shareUrl?having={having}&where={where}&utcSecond={utcSecond}&signature={signature}.

Example:

• Unauthenticated users accessing the following link with a signature parameter (HMAC hash verification enabled) will not see any data after changing "Beijing" to "Shanghai", and the system will prompt "Parameter verification failed":

https://develop.hengshi.org/#/share/app/E5FA041D8/dashboard/1?where=[{"op":"in","kind":"function","args":[{"kind":"field","op":"city","dataset":1},{"kind":"constant","op":["Beijing"],"dataset":1}]}]&signature=bf576f3de3259555e2247b64bd341a27a237ef87

Tip

The system administrator can reset the HMAC key in the system settings, and at the same time, users need to update the key (64-bit hmacKey) in their logic for generating the "hash value".

Metric Alerts

Apply the indicator alert function to monitor the indicators of charts in the application. When the indicators reach the threshold conditions, notify the user so that they can promptly perceive changes in business indicators and adjust business strategies accordingly. The indicator alert supports setting multiple alerts, each of which can customize the detection time and alert frequency. Alerts can be notified to users via email and Webhook. Currently, this feature is temporarily unavailable in the application release state. The indicator alert is also supported in tenant scenarios and can be set for applications shared by the platform.

Set Metric Alerts

Follow the instructions below to set up metric alerts.

1. In the indicator alert interface, click to create a new alert.

2. Fill in the alert name and alert conditions. Select the chart where the alert metric is located, and set the alert rules. Each chart can have multiple alert rules, and you can choose the trigger conditions for the alert rules, setting the alert to trigger when any rule is met or when all rules are met.

3. Set up alert trigger time.

• Set the indicator detection frequency, which can be hourly, daily, weekly, monthly, or custom.
• Notification settings refer to the number of times users are notified when the alert condition is met, either once or continuously. Notifying once means that the user is notified when the indicator meets the alert condition during the current detection. If the indicator still meets the alert condition during the next detection, the user will not be notified. Continuous notification means that the user will be notified whenever the indicator meets the alert condition.
• Exception handling refers to the task processing when the detection task encounters an exception, which can be set to retry on failure or pause on failure. Retry on failure means that the task will be restarted after failure, based on the retry interval and number of retries. Pause on failure means that the task will be paused after a certain number of failures, and the app owner will be notified.

4. Set up notification methods, including email notifications, Webhook, WeChat Work, and Feishu. For detailed configuration methods, please refer to the relevant introduction in the Subscription section.

Subscription

The platform supports the immediate or scheduled push of dashboards within an app to users inside and outside the organization, allowing target users to instantly view the business metrics they need as a basis for decision-making in business operations, enabling timely responses and adjustments to business directions.

Platform data analysts, for applications with management permissions, including personal space, team space applications in the creation module, and applications in the application module, can set up email push notifications. Each application can have multiple subscriptions, pushing different content to different users.

Tenant scenarios also support subscription features, and you can set up subscription tasks for apps shared by the platform.

Create Subscription Task

Each subscription task includes a subscription name and subscription delivery. The method of subscription delivery varies depending on the delivery method, with settings for email notifications, WeChat Work, Feishu, and Webhook. These four methods can be used simultaneously, such as setting up both email notifications and WeChat Work subscription methods.

Email Notification

Email notifications are sent via email to inform you of relevant business information about dashboards. Before using email notifications, please ensure that the SMTP service has been configured.

• Select User: Fill in the system user for email notification.
• Other Email Address: When the recipient is not a system user, fill in the recipient's email address.
• Email Content: Includes email subject, email body, and select dashboard. Email content supports custom plain text, supports system parameters, app parameters, and user attributes.
  • System parameters include app name, app URL, and email push date.
  • App parameters
  • User attributes The example below shows the email content written using various parameters and user attributes, as well as the situation when the email is sent.
• Advanced Configuration: Supports previewing dashboard images in the body, attaching dashboard links in the body, and attaching dashboard data (the result data of dashboard analysis, displayed as a file in the email attachment).
• Special Configuration: Sends a prompt email when the email content is too large.

WeCom

Enterprise WeChat method notifies users in the form of Enterprise WeChat messages and supports adding dashboard information in the message. Before enabling the Enterprise WeChat method, you need to configure the token information in the Authorization Method. Please contact the system administrator for configuration (configuration is required only once), otherwise it will affect the use of the function.

Step 1: Prepare the Enterprise WeChat App

Users need to create an enterprise-built application based on the Authentication Method.

Step 2: Obtain User ID

Follow the tutorial to obtain the user_id.

Step 3: Configure Enterprise WeChat Trusted IP

Enter the management page of the previously created WeChat Work app to configure the enterprise trusted IP.

Step 4: Configure WeChat Work Push Content

When subscribing to dashboard messages using the WeChat Work method, the following content needs to be configured, including:

• Message Title: Required, no more than 100 characters, supports the use of parameter information.
• Send Members: Required. Enter user id, supports entering multiple users, separated by English commas.
• Message Content: The system sends a fixed message content by default, supports user-defined message content. Custom plain text, supports system parameters, app parameters, and user attributes.
• Select Dashboard: Select the dashboard information to be sent in the subscription message.
• Advanced Configuration: You can attach dashboard snapshot images and dashboard links in the message.

Feishu

Feishu notifications are sent to users in the form of messages within the Feishu app and support adding dashboard information to the messages. Before enabling Feishu notifications, token information configuration is required in the Authorization Method. Please contact the system administrator for configuration (configuration is required only once), otherwise, it will affect the functionality.

Step 1: Prepare the Feishu App

Create App

Users need to create a self-built application for their enterprise based on the Feishu Tutorial or Authorization Method.

Enable Permissions

Users need to enable the following permissions for the application:

Permission Name	code
Get user ID	contact:user.employee_id:readonly
Get user ID by phone number or email	contact:user.id:readonly
Get and send single chat, group messages	im:message
Send messages as app identity	im:message:send_as_bot
Send messages in bulk to members of one or more departments	im:message:send_multi_depts
Send messages in bulk to multiple users	im:message:send_multi_users
Get and upload image or file resources	im:resource

Enable the Robot

Enable the bot feature for your custom app according to the Feishu Tutorial.

Publish

Publish App

Step 2: Obtain User ID

Follow the tutorial to obtain the user_id.

Feishu user IDs come in various types, and the type you need to obtain is user_id.

Step 3: Configure Feishu Push Content

When subscribing to dashboard messages using the Feishu method, the following content needs to be configured, including:

• Message Title: Required, no more than 100 characters, supports the use of parameter information.
• Send Members: Required. Enter the user_id obtained previously, supports entering multiple users, separated by English commas.
• Message Content: The system sends a fixed message content by default, supports user-defined message content. Custom plain text, supports system parameters, app parameters, and user attributes.
• Select Dashboard: Select the dashboard information to be sent in the subscription message.
• Advanced Configuration: You can attach dashboard snapshot images and dashboard links in the message.

Webhook

When using Webhook, users need to customize the message request method and request content.

• URL: The system sends a request to the corresponding HTTP address, and parameters can be concatenated after the URL.
• Request Method: Supports four methods: GET, POST, PUT, DELETE.
• Request Headers and Request Body: Fill in the request headers and request body according to the alert content. Both the request headers and request body can carry alert information. In the example, the POST method is used to send messages, with the alert content filled in the request body to notify users to handle it. The GET request only includes request headers.
• Select Dashboard: Select a dashboard as the content to be sent at regular intervals.

Subscription Push Plan

Email subscription settings are complete. When clicking on a subscription in the subscription list page, the details of the settings are displayed. In the top-right corner of the details page, you can click "Push Now" to immediately push the app to the target recipients. You can also choose "Push Schedule" to set up scheduled email pushes, and the emails will be delivered to the recipients at the agreed time.

• Basic Information: Set the number of retries upon execution and the priority of the task. Task priority is divided into high, medium, and low levels. High-priority tasks are processed first.
• Scheduling Information:
  • Set the scheduling time for the task, with the option to set multiple scheduling times. Supports setting execution plans by hour, day, week, and month.
    • Hour: Can set the minute of each hour for updates.
    • Day: Can set a specific time of day for updates.
    • Week: Can set a specific time of day for updates on selected days of the week.
    • Month: Can set a specific time of day for updates on selected days of the month.
    • Custom: Can set the update time points manually.
  • Set the pre-dependencies for the task, with the option to set multiple pre-dependency tasks.
  • Set the dependency wait time.
• Alert Information: Enable failure alerts. When a task fails to execute, an email notification will be sent to the recipient.

Subscription Push Records

In the upper right corner of the email push details page, select "Push Records" to view all push history and logs for the application.

Push Permission Rules

• The content of the email push received by users within the system has the same data permissions as App -> Settings -> Data Permissions.

• External users receive the content of email push notifications with data permissions equivalent to the app author's permissions.

Visible Data Source Settings

Click App -> Settings, navigate to the Visible Data Source Settings area.

The purpose of visible data source settings is to configure the data sources that can be used when creating charts in this application, including data packages from the current application and the data mart.

When users only want to use a specified data source for charting in a specific app, they can set that data source to be visible. This avoids the need to select from a lengthy dropdown list of numerous data sources each time they create a chart, making charting more convenient for users.

• The visible data sources are disabled by default. When disabled, all data sources are visible.

• When enabled, only the data sources selected in the visible data sources are visible. These data sources will appear in the data source dropdown list when creating charts.

• If no data sources are selected, the data source dropdown list when creating charts will be empty.

• If only one data source is selected, the data source dropdown list when creating charts will default to that data source. You do not need to switch data sources when creating charts; you can directly select the dataset.

• The visible data source setting does not control backend data source permissions; it only controls the data source list when creating charts in the current application.

Version Management

After certain apps are released, they continue to update and release new versions, so an app may have many versions. New versions overwrite the old ones, and users cannot view the content of a specific historical release.

Application version management function saves the data and related analysis content when the application is published. When you need to revert to a historical version, you can find that version in application management, restore it with one click, quickly and conveniently. The application version management function is temporarily not available for tenant scenarios.

The application version retains all content related to data analysis: dashboards, datasets, data models, parameters, paginators, etc. Settings related to connections and permissions cannot be retained. The application automatically retains versions upon release. To avoid occupying a large amount of memory space, only the last 3 versions are retained, and earlier versions will be automatically deleted.