BellaDati distinguishes between two basic permission schemes:
- Assigning user roles
- Permissions assigned by sharing
BellaDati implements following user roles:
- General BellaDati user - this role is assigned by default to all BellaDati users and this cannot be changed. Such users have only the very basic access to BellaDati functions: report and dashboard view, user profile editing
This role is usually sufficient for report or dashboard consumers such as general managers or company management members.
He can't create his own reports, but other users (report editors) can share their reports with him - even with permission to edit their reports. For users who can only view the report can be also different control types. See the list of allowed operations for selected control type.
- Report editor - report editor is able to create, edit, comment and share analytical reports. He can create reports only from his own or shared data sets. Therefore it's usual that users with "report editor role" have also the "data manager" role.
- Data manager - data manager cares about the parts of the data warehouse. His job is to prepare and import data into particular data sets, control and edit the source data, create alarms and join existing data sets. He is also able to prepare translation for particular indicators, attributes and members. He is owner of data sets, which he creates during the imports. He can share data sets with other users (report editors) or directly use them if he has also "report editor" role.
- Domain administrator - domain administrator a specific and important user role. He cares about the users and user groups. He is able to create or import users, delete them, change their profile information and passwords and assign user roles to particular users or whole user groups (he may assign "domain administrator" role to other users as well). He is able to access all the statistics of his domain. He can even delete all the content of domain (data sets, reports, dashboards) or forbid the publishing of domain content on the web. He is the only user who sees all the data sets in his domain. Therefore this user role should be assigned to only one competent user.
- User manager - cares about the users and user groups. He is able to create or import users, delete them, change their profile information and passwords and assign report editor and/or data manager user roles to particular users or whole user groups. User manager cannot assign User manager, Domain administrator or IoT administrator user roles to any user.
- IoT administrator - IoT administrator can access and administrate the IoT Management Console. This feature is available only if the IoT Management Console is enabled in the license and can be assigned only by the domain administrator, not user manager.
It's possible to combine all user roles mentioned above. Eg. both roles data manager and report editor assigned at the same time allows such user performing the whole process from setting up a data source, modeling data set, report creation and sharing dashboards.
Permissions are granted to users while sharing data sets or reports. There two levels of shared permissions:
- Read-only access
- Full access
Owner: Each data set, report or dashboard has always assigned one user that has full access and also can manage sharing in addition to that. These user are called owners and usually are the creators of the data set, report or dashboard.
Permissions can be granted to a user or a user group. When there are multiple permission simultaneously (one for a user and one for a user group to which the user belongs), edit rights or the lowest view access rights have priority. Edit rights have always preference over view rights. Lower view rights have always preference over higher view rights.
When user has limited controls and user group all controls -> limited controls will be used.
When user has all controls and user group limited controls -> again limited controls will be used.
When user has edit rights and user group all controls -> edit rights will be used.
|User rights||Group 1 rights||Group 2 rights||Result|
|Viewer - Limited controls||Editor||-||Editor|
|Editor||Viewer - Limited controls||-||Editor|
|Viewer - Limited controls||Viewer - No controls||-||Viewer - No controls|
|Viewer - All controls||Viewer - No controls||-||Viewer - No controls|
|Viewer - No controls||Viewer - All controls||-||Viewer - No controls|
|-||Viewer - All controls||Viewer - No controls||Viewer - No controls|