Published at: 2025-10-30
BI Platform Data Permissions
BI Platform Inherits Data Permissions from Business Roles.
What data scope is visible for objects involved in analysis?
- Primary Objects: Data visibility aligns with business permissions (consistent with what you see on the object list page).
- Related Objects: If you have visibility to the Primary Object’s data, you can view related object data in charts. Details:
- In Reports, you can see fields configured in report columns. However, clicking a primary attribute to view object details still follows the related object’s data permissions.
- In Charts, you can see calculated metric values from related object data. But when drilling down into metrics, the related object’s data permissions still apply.
- For Sub-object themes (e.g., Sales Order Products), data permissions follow the Primary Object. If you can view the Sales Order, you can view its product data.
- Report Administrators: Can view all object data in charts, including voided data (equivalent to CRM administrators).
picture coming soon:
1. General Theme Data Permissions
Using the Account theme as an example:
| Scenario | Description |
|---|---|
| My Responsibilities | Accounts where I am the owner |
| Responsible by My Subordinates | Accounts owned by my subordinates |
| My Responsible Departments | Accounts belonging to departments I manage (including sub-departments) |
| Shared With Me | Accounts shared with me (all sharing methods) |
| All | Combines all the above scenarios |
- Under Account theme analysis:
- Account is the Primary Object, while Contracts, Payment Collections, Opportunities, and Sales Orders are Related Objects. Thus, visible Account data aligns with the Account list, and charts can display Opportunity or Sales Order data for Accounts you have permissions to view.
- When drilling down into metrics like Opportunity Amount or Sales Order Amount, the viewer’s permissions for those objects still apply.
picture coming soon:
2. Special Theme Data Permissions
2.1 Personnel Theme Data Permissions
Personnel theme data permissions follow unique logic.
| Scenario | Description |
|---|---|
| Myself | Data where I am the owner |
| My Subordinates | Data owned by my subordinates |
| My Responsible Departments | Data owned by personnel in departments I manage (including sub-departments) |
| Shared With Me | 1. Only includes data shared via “Source” (excludes conditional sharing). 2. For multiple metrics, only intersections of shared scopes are visible. |
| All | Combines all the above scenarios |
Note: Since objects and personnel have multiple relationships, the owner relationship above can be replaced with other personnel relationships in rules.
Example Scenario: Why can’t Amy view data in the Personnel theme even after it was shared via “Source”?
- Scenario:
- Org Structure: Sales Center (L1) → North China (L2) → Hebei Branch (L3); South China (L2) → Guangzhou & Shenzhen Branches (L3).
- Admin shared North China’s Opportunities and South China’s Sales Orders/Payment Collections with Amy. When Amy selects “Shared With Me” in the Personnel theme, she sees no data.
- Reason:
- The shared scopes for Opportunities, Orders, and Payments have no intersection.
- If Shenzhen Branch’s Opportunities were shared instead, Amy would see data because the intersection is Shenzhen Branch.
- Summary: BI enforces strict permissions for “Shared With Me.” When multiple objects are analyzed, only intersecting shared scopes are visible.
Note: Sharing Personnel object data does not grant access to all their business data—only their target/achievement metrics.
2.2 Department Theme Data Permissions
Department theme permissions are role-specific.
- Applies to roles with broad permissions (e.g., department heads, executives, admins).
- Report Admins and CRM Admins can view all department data.
- Department Heads can view their managed departments.
- Department Assistants can view data for departments they assist.
- Regular Employees can analyze data shared with their departments.
2.3 Account Pool and Lead Pool Permissions
- To analyze Account Pool data (e.g., for pool admins/members), use the “Account Pool Statistics” template:
- Reports created with this template mirror the Account Pool list page’s permissions. The “Affiliated Account Pool” filter options match the list’s scope.
- Similarly, use the “Lead Pool Summary” template for Lead Pool analysis, aligning with the Lead Pool list’s permissions and filter scope.
picture coming soon:
picture coming soon:
picture coming soon:
picture coming soon: