Table of Contents generated with DocToc

• Published App Permission Control
  • Restricted Use of Author Data
  • Add Permission Control
  • Visible Data Range
  • Use of Viewer Data
  • Add Permission Control
  • Visible Data Range
• Relationship Between Connection Permissions and Published App Permissions Control
  • Published App Permission Control
  • Connection Permissions
  • Relationship Between the Two

Published App Permission Control

Restricted Use of Author Data

The setup of restricted use of author data permission control primarily facilitates the situation where, as the app faces an increasing number of users, it becomes very cumbersome to create new datasets and charts for each user individually. Through permission control, it is only necessary to set corresponding access permissions for users in the dataset; if there are new requirements, you only need to add the respective row permissions.

Add Permission Control

Click the button Permission Control in the upper right corner:

Click Add Rule:

Open the permission control settings page. The interface is divided into two main areas: the left area is for the rule name list where you can add and search for rules, and the right side is for user selection and row permission addition.

• Step One: Add Rule

  Click Add Rule to create a new rule and modify the rule's name;

  

• Step Two: Select Users

  Select the users this rule will apply to by scrolling the scroll bar and ticking the checkbox at the end of the user column. You can also search for users in the search box. You can sort viewed users into categories using the dropdown box in the upper right corner for selected and non-selected users:

  

• Step Three: Add Permission Control

  Click on Data, which takes you to the row permission control page. The comparison value in row permissions can be parameter values, and in some cases, user attributes may be chosen.

  Row permissions can choose user attributes for comparison conditions:

  • Text: except for empty/not empty, all comparison methods can choose user attributes as the comparison values.

  • Number: the comparison values for "equals" / "does not equal" can choose user attributes.

  • Date: the comparison values for "equals" / "does not equal" can choose user attributes.

  Select multiple datasets and add row permission controls respectively. These row permissions can be "AND" or "OR" relationships. Select the dataset to add row permissions to in the first dropdown box, choose the field in the second dropdown box, and specify the comparison method and the comparison value.

  • Parameter Value

  Choose the parameter value for comparison method:

  For example: Add row permissions for the chosen users in the rule "Children's Movies":
  For dataset a_ivt_movie: Data visible is only the rows where field "prime_genre" equals the parameter value "Animation";
  For dataset kick off kick: Data visible is only the rows where field "income" is greater or equal to "10000";

  

  • User Attributes

  Choose user attributes for the comparison method (setting method for user attributes see User Management):

  For example, add row permissions for the chosen users in the rule "Regional Managers":

  For dataset kick off kick: The field "order" equals "User Attribute", in the dropdown box connected with user attributes, all user attributes in the system will be listed:

  

  Choose the user attribute config.org3:

  

  When users within this rule access the app, in the charts that rely on the kick off kick dataset, they will only be able to see the row data in the field "order" that equals to their own user attribute value of config.org3.

• Step Four: Preview

  Click on Preview, where, when previewing data, you can switch between datasets to see which data is visible for all datasets with added rules.

  

• Step Five: Save

  Click save and the rule is successfully added, and the window closes.

• View the Set Permission Rules

  Click on Permission Control again to review the set permission rules. The "Unsaved" behind the rule name will update to the number of people in the rule.

  

Visible Data Range

With restricted use of author data, the data visible in the charts to the viewer is constrained by the row permissions in the permission control and falls into two scenarios:

1. Published app's internal permission control that only specifies users without setting row permissions

• Only the specified users can access the ApplicationUser in the app marketplace, and other users have no access;

• The data visible when viewing charts is completely consistent with the data visible to the app's publisher within the published app.

1. Published app's internal permission control that specifies users and also sets row permissions

• Only the specified users can access the app in the app marketplace, and other users have no access;

• The data visible when viewing charts is on the basis of the data visible to the app's author, plus the row permission filters in the app marketplace.

Notes on Permission Control:

1. If the rule only saved the user without setting data, then that user has the permission to view all data from all datasets of the app;
2. For internally published apps, besides users with set permissions, other users logging into the system cannot see that app;
3. When the same user appears in multiple rules, the data visible to that user is a union of the allowed data from those rules;
4. When choosing "parameter value" as the comparison method in row permissions, the field value is directly compared with the comparison value;
5. When choosing "user attributes" as the comparison method in row permissions, the field value is compared with the attribute value of the selected user attribute.

Use of Viewer Data

The setup for use of viewer data permission control is primarily for situations where permissions have already been set on the data connection, specifying users for access to the app.

Add Permission Control

• Click the Permission Control button in the interface, which will redirect you to the permission control settings page. Clicking Add Rule will take you to the page for adding rules. The interface is divided into two main areas: the left area is for rule name list, where you can add and search rules, and the right is for user selection:

  

• Step One: Add Rule

  Click Add Rule to create a new rule and change the rule's name.

• Step Two: Select Users

  Select users by scrolling the vertical scroll bar and ticking the checkbox at the end of the user column. You can also use the search box to find users. Use the dropdown box in the upper right corner to categorize users into selected and non-selected.

  

• Step Three: Save Rule

  Click save, and once the rule is saved successfully, the selected users can log in and view the app.

Visible Data Range

Each chart depends on a dataset, and each dataset depends on a data connection. The visible data to the viewer is determined by their own access permissions on the data connection:

• Only the specified users can access the app in the app marketplace, and other users have no access;

• When viewing charts, the visible data is all the data within the access permissions that the current user has on the dependent connection of the chart:

  • If the viewer has data permissions for the chart's dependent connection: they can see the data within those permissions;
  • If the viewer does not have data permissions for the chart's dependent connection: the chart will have no data.

Relationship Between Connection Permissions and Published App Permissions Control

Published App Permission Control

The permissions set within the published app by the app publisher are described in detail in the Restricted Use of Author Data and Use of Viewer Data sections.

Published app permission control pertains to the control of the access to data within the dataset:

• App owner: can see all data of the dataset

• Non-app owner access: only authorized users can access the data within permissions

Connection Permissions

Permissions set by the creator of the data connection include table permissions and directory permissions, detailed in Connection Permissions

Permissions control for data connections pertains to access control for tables within the database:

• Connection owner: has complete access permissions for the connection

• Non-connection owner access: only authorized users can access information within permissions

Relationship Between the Two

After the connection owner assigns permissions to different users on the data connection, users within the permissions can see the data within the set permissions when viewing the connection's tables or using the connection to create datasets;

• Use of Viewer Data publication

  Accessing the app published with use of viewer data means the viewers are using their data to interface with this app. While viewing charts, the visible data is within the range allowed by their permissions on the data connection;

  Which permissions control this: Permissions set by the data connection's owner for the visiting user on that connection.

• Restricted Use of Author Data publication

  The app published with restricted use of author data means viewers are using the app owner's data to interface with this app, though the publisher can add permission controls. While viewing charts, the visible data is the app owner's data plus the restrictions from the permission controls;

  Which permissions control this: It's the row permissions set by the app owner in the app marketplace for the visiting users, in addition to the permissions that the dataset owner has on the data connection on which the chart is reliant.

• Public Use of Author Data publication

  The app published with public use of author data means viewers are using the app owner's data to interface with this app. When viewing charts, the visible data is the complete data from the app owner;

  Which permissions control this: The permissions on the data connection of the user who owns the datasets used in the charts.