BellaDati distinguishes between two basic permission schemes:

    • Assigning user roles
    • Permissions assigned by sharing

    User roles

    BellaDati implements following user roles:

    • General BellaDati user - this role is assigned by default to all BellaDati users and this cannot be changed. Such users have only the very basic access to BellaDati functions: report and dashboard view, user profile editing

    This role is usually sufficient for report or dashboard consumers such as general managers or company management members.

    He can't create his own reports, but other users (report editors) can share their reports with him - even with permission to edit their reports. For users who can only view the report can be also different control types. See the list of allowed operations for selected control type.

    • Report editor - report editor is able to create, edit, comment and share analytical reports. He can create reports only from his own or shared data sets. Therefore it's usual that users with "report editor role" have also the "data manager" role.
    • Data manager - data manager cares about the parts of the data warehouse. His job is to prepare and import data into particular data sets, control and edit the source data, create alarms and join existing data sets. He is also able to prepare translation for particular indicators, attributes and members. He is owner of data sets, which he creates during the imports. He can share data sets with other users (report editors) or directly use them if he has also "report editor" role.
    • Domain administrator - domain administrator a specific and important user role. He cares about the users and user groups. He is able to create or import users, delete them, change their profile information and passwords and assign user roles to particular users or whole user groups (he may assign "domain administrator" role to other users as well) . He has available all the statistics of his domain. He can even delete all the content of domain (data sets, reports, dashboards) or forbid the publishing of domain content on the web. He is the only one user who sees all the data sets in his domain. Therefore this user role should be assigned to only one competent user.

    It's possible to combine all user roles mentioned above. Eg. both roles data manager and report editor assigned at the same time allows such user performing the whole process from setting up a data source, modelling data set, report creation and sharing dashboards.

    Icon

    System administrator: There is also a System administrator role in BellaDati. This user role is not required for BellaDati Cloud usage. However this role could be useful for BellaDati On-Premise or Unlimited Cloud tariffs, especially for large enterprise companies or international business groups that require managing more separated domains (eg. for their SBU). System (Global) administrator can change the global settings, enable and disable features of each domain and access any content. This user cannot create own content (data sets and reports).

    Icon

    User roles can be assigned to user groups as well. These roles are merged with standard user roles results - particular user has both roles together. Here is an example:

    • user has report editor role
    • user is member of a user group, which have the data editor role
    • in result, user has report and data editor roles, the second one is inherited from the user group.
    Icon

    Only domain or system administrators can reassign user roles.

    Permissions

    Permissions are granted to users while sharing data sets or reports. There two levels of shared permissions:

    • Read-only access
    • Full access

    Owner: Each data set, report or dashboard has always assigned one user that has full access and also can manage sharing in addition to that. These user are called owners and usually are the creators of the data set, report or dashboard.

    Icon

    Permissions assigned by sharing particular data sets or reports have priority over standard user roles. This means user with only general user role assigned can have permission to edit particular data set or report which has been shared with him on full access level!

    Permission combinations

    Permissions can be granted to a user or a user group. When there are multiple permission simultaneously (one for a user and one for a user group to which the user belongs), edit rights or the lowest view access rights have priority. Edit rights have always preference over view rights. Lower view rights have always preference over higher view rights.

    Example:

    When user has limited controls and user group all controls -> limited controls will be used.

    When user has all controls and user group limited controls -> again limited controls will be used.

    When user has edit rights and user group all controls -> edit rights will be used.

    User rightsGroup 1 rightsGroup 2 rightsResult
    Viewer - Limited controlsEditor-Editor
    EditorViewer - Limited controls-Editor
    Viewer - Limited controlsViewer - No controls-Viewer - No controls
    Viewer - All controlsViewer - No controls-Viewer - No controls
    Viewer - No controlsViewer - All controls-Viewer - No controls
    -Viewer - All controlsViewer - No controlsViewer - No controls

     

    Next Steps