BellaDati distinguishes between two basic permission schemes:

User roles

BellaDati implements following user roles:

This role is usually sufficient for report or dashboard consumers such as general managers or company management members.

He can't create his own reports, but other users (report editors) can share their reports with him - even with permission to edit their reports. For users who can only view the report can be also different control types. See the list of allowed operations for selected control type.

It's possible to combine all user roles mentioned above. Eg. both roles data manager and report editor assigned at the same time allows such user performing the whole process from setting up a data source, modeling data set, report creation and sharing dashboards.

System administrator: There is also a System administrator role in BellaDati. This user role is not required for BellaDati Cloud usage. However this role could be useful for BellaDati On-Premise or Unlimited Cloud tariffs, especially for large enterprise companies or international business groups that require managing more separated domains (eg. for their SBU). System (Global) administrator can change the global settings, enable and disable features of each domain and access any content. This user cannot create own content (data sets and reports).


User roles can be assigned to user groups as well. These roles are merged with standard user roles results - particular user has both roles together. Here is an example:

  • user has report editor role
  • user is member of a user group, which have the data editor role
  • in result, user has report and data editor roles, the second one is inherited from the user group.


Only domain or system administrators can reassign user roles.

Permissions

Permissions are granted to users while sharing data sets or reports. There two levels of shared permissions:

Owner: Each data set, report or dashboard has always assigned one user that has full access and also can manage sharing in addition to that. These user are called owners and usually are the creators of the data set, report or dashboard.

Permissions assigned by sharing particular data sets or reports have priority over standard user roles. This means user with only general user role assigned can have permission to edit particular data set or report which has been shared with him on full access level!

Permission combinations

Permissions can be granted to a user or a user group. When there are multiple permission simultaneously (one for a user and one for a user group to which the user belongs), edit rights or the lowest view access rights have priority. Edit rights have always preference over view rights. Lower view rights have always preference over higher view rights.

Example:

When user has limited controls and user group all controls -> limited controls will be used.

When user has all controls and user group limited controls -> again limited controls will be used.

When user has edit rights and user group all controls -> edit rights will be used.

User rightsGroup 1 rightsGroup 2 rightsResult
Viewer - Limited controlsEditor-Editor
EditorViewer - Limited controls-Editor
Viewer - Limited controlsViewer - No controls-Viewer - No controls
Viewer - All controlsViewer - No controls-Viewer - No controls
Viewer - No controlsViewer - All controls-Viewer - No controls
-Viewer - All controlsViewer - No controlsViewer - No controls


Next Steps