Published at: 2025-10-30
Data Access Permissions in BI Platform
BI Platform Inherits Data Permissions from Business Permissions
What range of data can I see for the objects involved in analysis?
- Core Objects: The visible data permissions align with business permissions (consistent with the data seen on the object list page).
- Associated Objects: If you can see the core object’s data, you can view associated object data in charts. Specific explanations:
- In Reports, you can see fields configured in the report columns. However, when clicking on the primary attribute to view object details, it still follows the data permissions of the associated object.
- In Statistic Charts, you can see the calculated metric values of associated object data. However, when viewing metric details, it still follows the data permissions of the associated object.
- Sub-object Subject (e.g., Order Product Subject): Data permissions follow the Primary Object. If you can see the order, you can see the order product data.
- Report Administrator: Can view all object data in charts.
I. General Subject Data Permissions
Example using the Account subject:
| Scenario | Consistent with Account List Scene Data |
|---|---|
| My Responsibilities | Accounts for which I am the responsible person |
| Responsible by My Subordinates | Accounts for which my subordinates are the responsible persons |
| My Responsible Departments | Accounts belonging to the Departments and sub-departments I am responsible for |
| Shared With Me | Accounts shared with me (all sharing methods) |
| All | All of the above |
- Under Account subject analysis:
- Account is the core object, Contract, Payment Collection, Opportunity, Sales Order are associated objects. Therefore, the data permissions for accounts that can be analyzed are consistent with the account list. In charts, you can analyze the Opportunity and Order data of these authorized accounts.
- When viewing details of Opportunity Amount and Order Amount metrics, it will still follow the current viewer’s data permissions for the object.
II. Special Subject Data Permissions
2.1 Personnel Subject Data Permissions
The logic for controlling Personnel Subject data permissions is relatively special.
| Scenario | Description |
|---|---|
| Myself | Data for which I am the responsible person |
| My Subordinates | Data for which my subordinates are the responsible persons |
| My Responsible Departments | Data for which the primary department is the one I am responsible for, including sub-departments |
| Shared With Me | 1. Only statistics based on “source” shared data, not other shared methods (e.g., conditional sharing) 2. When there are multiple metrics, take the intersection of the shared range of metric statistical objects |
| All | All of the above |
Note: Because there are multiple association relationships between objects and personnel, the above responsible person relationship can also be changed to other personnel relationships in the rules.
Scenario Example: Why is data shared with Amy through the source, but Amy still cannot see it under the Personnel subject?
- Scenario Restoration:
- Department Org Structure: Level 1 Department: Sales Center; Level 2 Departments under Sales Center: South China Region and North China Region; Level 3 Departments under South China Region: Guangzhou Branch and Shenzhen Branch, Level 3 Departments under North China Region: Hebei Branch;
- The administrator shared Opportunities from the “North China Region” department, Orders and Payment Collections from the “South China Region” department with Amy. When Amy views the Statistic Chart under the Personnel subject and selects “Shared With Me,” she cannot see Opportunity Amount, Order Amount, or Payment Collection Amount data.
- Reason Analysis:
- Because the shared range for Opportunities, Orders, and Payment Collections under the Personnel subject takes the intersection, there is no range.
- If changed to share Opportunities from the “Shenzhen Branch” with Amy, then when selecting “Shared With Me,” Amy can view Opportunity Amount, Order Amount, and Payment Collection Amount data from the Shenzhen Branch, as the intersection is the Shenzhen Branch.
Summary: BI is relatively “strict” in controlling permissions for the “Shared With Me” part. When multiple objects are simultaneously analyzed, only when the shared data range has an intersection can all metrics be viewed. Otherwise, none can be viewed.
- Note: Sharing “Personnel” object data cannot obtain all business data permissions of associated personnel, but can only obtain the target value and completion value permissions of that personnel.
2.2 Department Subject Data Permissions
The logic for controlling Department Subject data permissions is relatively special.
- Mainly applicable to Roles with larger permissions, such as Department Heads, Bosses, Administrators, etc.
- Report Administrators and CRM Administrators can see all department data.
- Department Heads can see data for the departments they are responsible for.
- Department Assistants can see data for the departments they assist.
- Ordinary employees can analyze data shared based on their affiliated department.
2.3 Account Pool and Lead Pool Data Permissions
- When analyzing employee data obtained through Account Pool Administrator/Member identity from the Account Pool, you can create report analysis using the specific template “Account Pool Account Statistics”:
- Reports created using this template can view data permissions consistent with the “Account Pool” list page. When using “Affiliated Account Pool” filter, the selectable range is also consistent with the range in this list.
- Similarly, for Lead Pool, you can create reports using the “Lead Pool Data Summary” template. The viewable data permissions are consistent with the “Lead Pool” list page. When using “Lead Pool” filter, the selectable range is also consistent with the range in this list.
