Published at: 2025-10-30

BI Platform Feature Management

BI Platform feature permissions are primarily controlled based on the current viewer’s permissions, determining which BI-related menu entries are accessible. These include:
Menu When this entry is visible
Reports At least one visible chart (combination of “View” permission at the Subject level + “View” permission at the Chart level)
Dashboards This menu is visible to all users
Subscription Management At least one Subject domain with “Subscription” permission
Report Permission Management At least one Subject domain with “Create” permission
Report Logs Only visible to Report Administrators and CRM Administrators
Statistic Indicator Management Only visible to Report Administrators and CRM Administrators
Goals “View List” permission for the “Goal Value” object
Goal Completion Status Visible if the Goals menu is visible

1. Chart Operation Permissions

What operations can I perform on charts?
  • What charts can I create?
  • What charts can I view?
  • What charts can I edit/delete?
  • What charts can I subscribe to/export/forward/share?

1.1 Subject Domain Permissions

The logic for controlling BI chart operation permissions is consistent with business objects, controlled through the “Role” of the employee. BI chart operation permissions are managed through the functional permissions of the “Subject Domain” owned by the “Role.”
A Subject Domain is an object centered around a core object for analysis, as introduced in Reports and Statistic Charts. When creating Reports and Statistic Charts, the “xx Analysis” entries you see are Subject Domains. Therefore, each chart belongs to a specific Subject Domain. The operations you can perform depend on the permissions you have for each Subject Domain.
image

1.2 Chart-Level Permissions

How to control permissions more granularly than at the Subject Domain level?
Scenario Example: Amy is an assistant to the boss, providing data insights. She has the Report Administrator role (with operation permissions for all Subject Domains). Scott is a salesperson who needs to analyze data to understand account sales and follow-up situations. He has view, edit, and delete permissions for the “Account Analysis” Subject Domain. Amy created a Statistic Chart “Sales Situation of Accounts in Various Regions” through the “Account Analysis” Subject Domain. Scott viewed the chart and further edited and saved it.
Problem: Amy wants the charts she creates to be visible only to certain people and not editable or deletable by others. To solve this, we provide more granular Chart-Level permission control, allowing further permission control for specific charts.
  • View Permissions:
    • Public: Visible to all personnel;
    • Private: Visible only to selected personnel, Departments, Department Heads, User Groups, or Roles.
  • Operation Permissions:
    • Edit: Permission to edit the chart; visible only to selected personnel, Departments, Department Heads, User Groups, or Roles.
    • Delete: Permission to delete the chart; visible only to selected personnel, Departments, Department Heads, User Groups, or Roles.
    • Export: Permission to export the chart; visible only to selected personnel, Departments, Department Heads, User Groups, or Roles.
    • Subscribe: Permission to subscribe to the chart; visible only to selected personnel, Departments, Department Heads, User Groups, or Roles.
    • Share: Permission to share the chart; visible only to selected personnel, Departments, Department Heads, User Groups, or Roles.
    • Forward: Permission to forward the chart; visible only to selected personnel, Departments, Department Heads, User Groups, or Roles.
    • The above view and operation permissions are based on having the Subject Domain permissions.
image
image

1.3 System Preset Report Permissions

The “System Preset Report” Subject Domain controls the operation permissions for all preset charts.
Preset Charts: Different from charts created by enterprise users, preset charts are those provided by the system for enterprises to use out-of-the-box, visible to all employees, such as the preset modules on the homepage and charts in the preset Dashboard.
  • CRM Administrators, Report Administrators: Have “View, Edit, Delete, Forward, Export, Share” permissions;
  • Non-administrator Roles: Have “View” permission, can configure “Edit, Delete, Forward, Export, Share” permissions;
  • “Edit” means saving preset charts as personal charts; “Delete” means deleting personal charts generated by saving preset charts.
image
image

1.4 Statistic Indicator Management Permissions

The “Statistic Indicator Management” Subject Domain controls the operation permissions for Statistic Chart subjects and indicators.
The main permissions for Statistic Indicator Management are: View, Create, Edit, Delete, Enable, Disable, among which:
  • View: Access to the “Statistic Indicator Management” page in the report list, visible to all subjects and indicators;
  • Create: Can create any subject and indicator, selecting Create automatically selects View and Create permissions.
  • Edit: Can edit all subjects and indicators.
  • Delete: Can delete any subject and indicator, selecting Delete automatically selects View and Disable permissions.
  • Enable: Can enable subjects and indicators.
  • Disable: Can disable subjects and indicators. Note: With view permissions, you can view unused indicators on the Statistic Indicator Management page; with disable permissions, you can disable indicators on the “Unused Indicators” page; with disable and delete permissions, you can disable and delete indicators on the “Unused Indicators” page.
image

2. Dashboard Permissions

2.1 Custom Dashboard Backend Permissions

The logic for controlling custom Dashboard operation permissions is consistent with business objects, controlled through the “Role” of the employee. Dashboard operation permissions are managed through the functional permissions of the “Dashboard Permissions” owned by the “Role.”
Backend permissions include: View, Create, Edit, Delete
  • View: Permission to view the Dashboard;
  • Create: Permission to create a Dashboard;
  • Edit: Permission to edit the Dashboard;
  • Delete: Permission to delete the Dashboard; Note: Only controls custom personal Dashboards
image

2.2 Preset Dashboard Backend Permissions

The logic for controlling preset Dashboard operation permissions is consistent with business objects, controlled through the “Role” of the employee. Dashboard operation permissions are managed through the functional permissions of the “Dashboard Permissions” owned by the “Role.”
Backend permissions include: View, Edit, Delete
  • View: Permission to view the Dashboard;
  • Edit: Permission to edit the Dashboard;
  • Delete: Permission to delete the Dashboard; Note: Only controls preset personal Dashboards
image

2.3 Dashboard Page Permissions

Dashboard types (selectable when saving a new Dashboard): Personal type or Enterprise type. View permissions: Public, Private
  • Public: Visible to all personnel with backend view permissions
  • Private: Visible to specified personnel with backend view permissions
Dashboard Type Who Can Create Data Permissions
Personal Type Roles with backend create permissions Follows the viewer’s personal data permissions: If Employee A shares a “Personal” type Dashboard with Employee B, B views it with B’s personal data permissions
Enterprise Type Only CRM Administrators and Report Administrators Follows the data permissions of the authorizer: If Administrator A authorizes an Enterprise type Dashboard to B, B views it with the administrator’s data permissions (data range can be constrained through global filtering). Solves the scenario where employees do not have data permissions but need to gain insights through large screens
Dashboard operation permissions explanation:
Operation Permission Description
Create Roles with backend create permissions can create “Personal Type” Dashboards, CRM Administrators and Report Administrators can create “Enterprise Type” Dashboards
Edit Individuals can edit their own created Dashboards, can edit Dashboards shared/authorized to them by others with edit permissions, CRM Administrators and Report Administrators can edit all Dashboards
Delete Individuals can delete their own created Dashboards, can delete Dashboards shared/authorized to them by others with delete permissions, CRM Administrators and Report Administrators can delete all Dashboards
Share Can share their own created “Personal Type” Dashboards with others for viewing, once sharing is canceled, others can no longer view
Authorize Only CRM Administrators and Report Administrators can authorize “Enterprise Type” Dashboards to others for viewing, once authorization is canceled, others can no longer view
Hide Individuals can hide all Dashboards visible to them as needed, effective only for themselves, does not affect others
image
  • The “Dashboard Management” operation entry is only accessible to CRM Administrators and Report Administrators. Different roles within the enterprise (e.g., enterprise owners, finance, Department/region heads, ordinary sales personnel) can view different Dashboards.
    • The Dashboards displayed by default for employees within the applicable scope will include those assigned by administrators, as well as those created by employees themselves, shared/authorized by others, and newly added preset Dashboards from version iterations;
    • If employees have already adjusted the displayed Dashboards or order before administrators assign them, the administrator’s assignment will override the employee’s adjustments;
    • Employees can further adjust based on the administrator-assigned Dashboards, such as hiding, adjusting order, etc.
    • When an employee meets multiple group settings simultaneously, the first group setting that applies will be used by default.
image

3. Object/Field Permissions

The BI platform inherits business permissions, and the visible objects and fields when viewing charts are consistent with the business side.
Amy is a salesperson and does not have object permissions for the “Payment Collection” object (View List permission), so Amy:
  • Cannot select the Payment Collection object when creating reports;
image
  • Cannot view details when viewing reports with Payment Collection as the main business module;
image
  • Cannot view fields and statistics when viewing reports with Payment Collection as an associated module;
image
In the Statistic Chart indicator detail view, not all fields are visible.
image
  • Amy has object permissions for “Payment Collection” but does not have field permissions for the “Total Amount of This Payment Collection” field, so Amy:
    • Cannot select this field when configuring reports;
    • Cannot view this field in report and Statistic Chart indicator detail views, displayed as *****.
image
image
  • Special Objects: Business Process Instances, Business Process Tasks, Approval Process Instances, Approval Process Tasks, Process Stages, Behavior Score Details. These objects do not have independent object permission control:
    1. The version used by the enterprise has capabilities for Business Processes, Approval Processes, Pipeline, and Behavior Scores;
    2. And the enterprise has “Enabled” process definitions; then they can be selected for analysis.
image
Submit Feedback
Previous
Multi-dimensional Target Management Permissions