Skip to content

Permission Control

When using the App Author permission and the Dataset Author permission mode, the app administrator can set permissions for the dataset, including row-level and column-level permissions.

Tip

In the User permission mode for data permissions, the app administrator cannot set permissions for the dataset.

Row Permission Adding Rules

Open the permission control settings page and click the plus sign on the right side of the row permission rules to add row permissions to the dataset.

  • Step 1: Select Users Click on the users and select the users for whom row permissions need to be set. These users can view data that complies with the row permission rules.

  • Step 2: Choose Permission Setting Method, Supporting Simple Filtering and Expression Filtering

    In the case of simple filtering, the comparison value in row permissions can be a parameter value, and in some cases, user attributes can also be selected.

    Row permissions can choose comparison conditions based on user attributes:

    • Text: Except for "is empty/is not empty," the comparison values for all comparison methods can be selected as user attributes.

    • Number: The comparison values for "equals/not equals" can be selected as user attributes.

    • Date: The comparison values for "equals/not equals" can be selected as user attributes.

    Select multiple datasets and add row permission controls separately. The row permissions here can be in an "AND" relationship or an "OR" relationship. In the first dropdown, select the dataset to which row permissions are to be added. In the second dropdown, select the field, specify the comparison method, and set the comparison value.

    • Parameter Value

      Choose parameter value as the comparison method:

      Example: Add row permissions for the selected users in Users. Add row permissions for two datasets separately: Dataset Manufacturing Sales Data: The visible data is only the rows where the field "Region" equals the "Parameter Value" "Location."

    • User Attributes

      Choose user attributes as the comparison method (see User Management for how to set user attributes):

      Example: Add row permissions for the users selected in the rule "Regional Manager":

      Dataset User Attributes: Field "Region" equals "User Attribute." In the dropdown connected to user attributes, all user attributes in the system will be listed. Select the user attribute Province Attribute:

      When users under this rule access the app, they can only see the rows in the field "Region" that match their own user attribute values in charts dependent on the User Attributes dataset.

  • Step 3: Preview

    Click Preview. When previewing data, you can switch datasets to view which data is visible for each dataset with added rules.

  • Step 4: Save

    Click Save. The rule is successfully added, and the window closes.

Column Permission Adding Rules

Column permissions control whether dataset fields are visible to users. When column permissions are set for a specific field in a dataset, users will not be able to see that field when viewing the dataset.

The rules for setting column permissions are relatively simple. Select the user, dataset, and the fields that should be invisible to the user, then click save.

Editing Rules

Click the Edit button on the rule to modify the configured permission rules.

Delete Rules

Click the Delete button on the right side of the rule to remove the configured permission rule.

Please Note

Row-level permissions set for a dataset will not be propagated downstream. For example: dataset C = A join B, where row-level permissions are set on dataset A and B as follows: A where a = $user.a and B where b = $user.b. In this case, the tableSql for C will be A join B, and not A where a = $user.a join B where b = $user.b. If users need to control permissions, additional row-level permissions must be set on C.

Calculation Methods Between Rules

  • Intersection Between Row Permissions and Column Permissions For the same user and the same dataset, the dataset affected by row permissions and column permissions will take the intersection.

  • Union Within Multiple Rules of Row Permissions or Column Permissions For the same user and the same dataset, if multiple rules are created, the final effective permissions will be the union of these rules.

For example, in Rule 1, User A is granted access to data in the region "Beijing," and in Rule 2, User A is granted access to data in the region "Shanghai." Ultimately, User A can access data from both "Beijing" and "Shanghai."

Relationship Between Connection Permissions, Data Permissions, and Row-Level Permissions

Connection permissions control is the first line of defense. It determines who can access the data connection and what data can be accessed through that connection.

Data permissions control what data users should see when accessing the dataset in the application: the application author's data, the dataset author's data, or the user's own data.

Row-level permissions further control the distribution of dataset data after the application's data permission mode, i.e., the dataset data, has been determined.

User Manual for Hengshi Analysis Platform