Hengshi Documentation

Table of Contents generated with DocToc

Tenant Management

Feature Description

Hengshi system supports SaaS operations of the platform side, which provides data and tenant management, while tenants carry out data analysis in the Hengshi system.

Features provided to the platform side: Full-line functionalities of Hengshi system.

Features provided to the tenant side:

  • System management: Management of users within the tenant.

  • App creation: Application creation in personal and shared areas. Permission settings are only applicable within the tenant.

  • App marketplace: Applications published by the tenant, available only to the tenant itself.

A typical usage scenario is when a data provider has data on the beverage market and sells it to its clients such as Coca-Cola and Nestlé for their use. The data provider brings the data into the Hengshi platform, processes it, and encapsulates it into usable data packs. Coca-Cola and Nestlé can then perform their own data analyses using these data packs.

Another typical scenario is as follows:

Role Definitions

Product Side

Hengshi Technology, offering HENGSHI SENSE as an analysis platform or embedded analysis platform.

Platform Provider (Platform Side)

A SaaS vendor in a specific vertical, such as eBest, usually has its own SaaS service.

Platform User

Users of the platform provider.

Enterprise Tenant

A medium to large enterprise served by eBest, such as Carlsberg or Mars, each as an enterprise tenant.

Enterprise User

Users within an enterprise tenant.

Workflow

  1. The platform side purchases the Hengshi system.

    The platform purchases Hengshi products and must apply for a "multi-tenant function" license to enable the system's multi-tenant capabilities.

    The multi-tenant license contains two customizable values: tenant trial period duration limit, and trial user number limit. The duration limit is by default 30 days, and the user limit is 5 people by default. The specific values can be provided according to contract contents when applying for a business license; Hengshi will generate the appropriate license according to the requirements.

  2. The platform side creates tenants.

    There are two ways to create a tenant:

    • Creating a tenant within the Hengshi system
    • The platform side enables a multi-tenant authentication mode, selects a platform to interface with, taking Enterprise WeChat as an example, the platform side lists the Hengshi system as a third-party application on Enterprise WeChat, and the tenant's Enterprise WeChat administrator installs the Hengshi system for internal use, prompting Hengshi system to automatically create a tenant

    Tenants created via the above two methods are in trial status, and the platform side applies for an official tenant license from Hengshi product side, updates the license in the Hengshi system, and the tenant then enters the official usage stage.

  3. The tenant has its own organizational structure within Enterprise WeChat. The tenant's administrator adds a third-party application in Enterprise WeChat: Hengshi analysis system, selecting who has access permissions.

  4. When saving, Enterprise WeChat verifies whether the tenant can add the Hengshi analysis system and whether the number of people exceeds the limit.

  5. Once authentication is passed, the Hengshi system automatically registers tenant information, creates tenant users, and pulls tenant attribute information.

  6. The tenant's system administrator opens the application, sees system management, app creation, and the app marketplace; additionally, the new tenant admin role can only see user management in the system settings, while the tenant's regular users opening the application can see app creation and the app marketplace.

  7. When the platform side does not distribute data to users, users can only upload Excel or use Hengshi's built-in library to make charts.

  8. The platform side adds data connections and datasets in the Hengshi system, assigns them to tenants, adds corresponding permission controls, and then, when tenants make charts, they can use the data from the data marketplace.

Tenant Management

Users on the platform provider's side with the "System Administrator" role can access the tenant management function.

Open Settings -> Tenant Management. The platform side can see a list of tenants, the number of logged-in users, the number of apps, etc., but cannot manage tenant users.

The tenant administrator is responsible for managing tenant users.

Creating a Tenant

Creating a tenant will create a tenant and tenant administrator; the tenant administrator can manage tenant users.

Viewing

Click on the three-dot menu in the Action column, bringing up tenant operations: view, edit, disable/enable, update authorization.

View means to view tenant information.

Editing

Click edit to edit the company name and reset the tenant administrator's password.

Enable/Disable

You can enable or disable the tenant.

Update Authorization

You can update the authorization code, such as updating from a trial authorization code to a formal one.

Tenant Login Settings

Tenant Authentication Method

You can switch between Platform Account and Enterprise WeChat Service Provider.

Platform Account

Use HENGSHI authentication for verification.

Enterprise WeChat Service Provider

Authenticate using Enterprise WeChat Service Provider, with configuration as follows:

Default Login Interface

Both the Platform Login and Tenant Login interfaces are effective; this setting simply designates the default login interface.

Platform Login

Platform login URL: https://xx.hengshi.org/#/login

Tenant Login

Tenant login URL: https://xx.hengshi.org/#/tenant-login

User Management

On the User Management page, what the platform provider's administrators see are only their own users (/api/users?tenant_id=null).

What tenant administrators see are only their own tenant's users (/api/users?tenant_id=XXX).

User login to the Hengshi system is done through oauth2 authentication (as is done with Enterprise WeChat). Users must be authenticated by Enterprise WeChat and registered in the Hengshi system to be able to log in.

Platform Side Distributing Data to Tenant

Creating Data Packs

The platform side creates data packs in the data marketplace. The "Data Permissions" of the data pack should be set to "App Author" or "Dataset Author".

Setting Data Pack Access Permissions

After creating a data pack, the platform side authorizes the data pack, or the folder it is in, for access to the tenant.
ALL_TENANTS: All tenants

Setting Row-level Permission Control

Set different data permissions for each tenant through the "Row-level Permission Control" of the data pack.

Select the users to control row permissions for; users not selected won't be affected by row permission control and will see all data in the data pack.

Tenant User Operations

System Administrator

  • User management: Manage users within the tenant.

System Administrator + Data Manager

  • Data Marketplace:
    • For data packs authorized by the platform side, the tenant manager can only view and authorize to users within the tenant but cannot perform other operations;
    • Tenant managers can create their own data packs, currently only supporting local file uploads, and data set creation using Hengshi's built-in engine (this limit doesn't apply once data connection authorization is given to tenants).

Data Manager

  • Data Marketplace:
    • For data packs authorized by the platform side, they can only view packs authorized by the tenant manager;
    • Depending on the tenant manager's authorization, they can create/manage/edit/view their own data packs.

Data Analyst

  • App Creation
  • App Marketplace

Data Viewer

  • App Marketplace