Skip to main content

Feature Overview

The System Management module is architecturally organized into core management sections on the foundational level, providing comprehensive support and governance for resource isolation and workflows across all applications and personnel within the platform.

The System Management's top-level navigation consists of four main entry points: User Management / Application Management / Notification Channels / Platform Settings.

Entry PointSub-Features
User ManagementOrganization Structure, Super Admin, Authentication Sources, Security Policies
Application ManagementRoles, Data Permissions, Custom Menus
Notification ChannelsChannel List & Configuration
Platform SettingsAPI Keys, Audit Logs, Error Logs (Enterprise edition also includes Portal Settings, Licensing)

1. User Management

Serves as the foundational carrier for all permission workflows on the platform, controlling personnel accounts and their organizational status.

  • Centralized Personnel Record Management: Supports global user discovery, creation, modification, and password reset based on key identifiers such as username, name, and email. This resolves the data redundancy and governance blind spots caused by personnel accounts being decentrally managed across multiple subsystems.
  • User Status Management: The user list displays a unified derived status field with priority order: "Disabled > Locked > Password Expired > Active". Administrators can execute three types of actions on single or multiple users through the list or batch operations: Enable, Disable, Unlock. Batch operations use a partial-success strategy, automatically skipping non-applicable accounts with reason feedback and not blocking processing of other accounts.
  • Visual Tree-Based Organization Structure: Supports maintaining hierarchical tree topologies spanning multiple organizational levels and sub-organizations, with the ability to batch-bind both legacy and new users to specific organizational units. This addresses the challenge of searching and managing large-scale personnel and permission assignments in enterprises lacking departmental hierarchy. When creating or editing users, at least one real (non-virtual) organization must be selected to prevent orphaned accounts.
  • Deep-Level Role Attachment and Mapping: Supports transparently viewing and adjusting the specific roles and rule configurations an employee holds across various application modules directly from their personnel record. This resolves the inefficiency issue where administrators struggle to locate and verify what elevated permission attributes a specific employee possesses due to deeply nested application permission interfaces.

2. Application Management

Provides deep, controlled governance capabilities for each independent subsystem mounted on the platform (such as CMDB, monitoring, etc.).

  • Fine-Grained Custom Menu Groups: Supports creating, duplicating, and enabling/disabling through conditional controls dedicated menu navigation trees for specific applications, with multi-version management capabilities. This achieves UI lightweighting and focus by solving the problem of standard system menus being overly complex for personnel focused on specific single workflows.
  • Multi-Dimensional Custom Data Isolation Spaces: Supports establishing underlying data source access and operation permission boundaries within specific application systems, combined with personnel organizational configurations. This fundamentally resolves critical security risks such as data theft and cross-team unauthorized operations that may arise from highly parallel and open data access within the same module.
  • Domain-Boundary-Based Role Isolation Barriers: Each configured role is strictly limited to operate only within a specific application domain, with permission roles across different applications being completely independent and decoupled. This avoids the historical risk of permission contamination caused by coarse-grained "universal roles" across the platform creating cascading permission pollution.

3. Notification Channels

Provides a unified outbound messaging hub engine for all business applications and services across the entire platform.

  • Universal Interface Gateway Integration Compatibility: Supports centrally managing mature delivery media such as Email, WeCom, WeCom robots, DingTalk robots, and Feishu robots, while also supporting binding custom Webhook-based information protocols. This resolves the longstanding pain point of weak internal business system notification capabilities and fragmented, non-standard notification channel adaptation. Underlying authentication-sensitive credentials are strongly encrypted and masked within the channel to protect enterprise push flow control.
  • OpsPilot-Managed NATS Channel Query (Beta): Within the notification channels list, supports querying NATS push channels managed by OpsPilot, with the ability to filter by owned team or robot dimension, and supports expanding notification channel details across subordinate sub-organizations. This helps operations managers quickly verify AI assistant push configurations for all business teams on a single unified page, eliminating the need to enter each organization's backend individually.

4. Platform Settings

Provides system-level configuration, credential management, and audit log capabilities.

4.1 API Key Management

  • Supports generating user-specific API keys within each team for inter-service authentication.
  • One-Time Complete Display: API keys are presented in full through a dialog upon successful creation, with a "Read and Saved" confirmation action. Once the dialog is closed, subsequent list pages only display masked preview values (e.g., sk-****...****abcd). The system no longer provides a second-time query entry for complete keys, effectively reducing credential leakage risk.

4.2 Audit Logs

A unified audit log page (/system-manager/settings/audit-log) integrates Operation Logs and Login Logs through tabs, defaulting to the Operation Logs tab.

  • Operation Logs: Records user actions such as creation, modification, deletion, and execution across application modules. Beyond basic fields like timestamp, user, IP, application, and action, two new structured fields have been added: Operation Target marks the resource type and unique identifier of the operated object; Change Details presents field-level modifications in structured format, showing pre- and post-operation differences, significantly reducing the time needed for accountability determination and compliance evidence collection.
  • Login Logs: Records login timestamps, source IPs, and login status for all accounts. Supports filtering and export by criteria for checking non-compliant source access.

4.3 Error Logs

Records platform backend runtime anomalies, supports paginated viewing and search, facilitating operations teams in locating implicit program failures.

5. Security Management (under User Management)

Platform-wide protection begins here: guarding the first authentication gate while real-time monitoring and recording fine-grained anomalies at the system foundation level.

  • Enterprise-Grade Unified Login Foundation: Allows enabling OTP key verification and stricter password error failure control mechanisms, enforced password length and complexity requirements, and mandatory periodic rotation reminders with automatic gate controls. This addresses critical penetration threats from dictionary brute-force attacks on core accounts and the deadly vulnerability of employees neglecting to rotate default credentials over extended periods.
    • The system automatically inspects accounts approaching expiration according to the password policy and proactively sends password-expiry reminder emails, promoting timely rotation.
    • After administrators save password policy configurations in the backend, new policies take effect immediately without waiting for system cache expiration.
    • OTP Two-Factor Authentication: Users with OTP enabled complete a two-stage verification after password validation: the system returns a one-time challenge_id (not a JWT token), which users then submit along with their OTP code to complete the second stage. After passing, they receive the session token. OTP second-factor verification includes a built-in anti-brute-force rate-limiting mechanism: the system enforces dual-dimensional verification attempt restrictions by both source IP and login username; requests exceeding the threshold are automatically blocked.
    • Admin Account Password Expiration Forced Reset: When the admin account's password has expired, the login flow guides the user into a forced password change process (reusing the existing temporary password reset page). Password changes must be completed before accessing the product. Other non-admin accounts follow the existing password expiration policy.
    • Self-service password modification requires validation of the current login identity first, ensuring the modification is initiated by the account holder and preventing forced password changes under session hijacking.
    • System settings (including password policies, sensitive information protection, portal configuration, etc.) API endpoints require security_settings-View (read) or security_settings-Edit (modify) permissions to access, preventing unauthorized users from bypassing authorization to read or tamper with global configuration.
  • External Third-Party Source Handshake Coordination: Provides integration with external authentication source entities, controlling synchronization status and policy distribution scheduling frequency. This enables large and medium-sized enterprises to seamlessly integrate existing systems and smoothly migrate heterogeneous identity authentication systems toward single sign-on.

Note / Security Best Practice: The Super Admin (Super Administrator) holds ultimate comprehensive data inspection and takeover permissions. To maintain baseline security, it is strongly recommended to reserve this identity for only an extremely small number of audit and compliance reviewers, and configure higher-randomness passwords with shorter automatic expiration requirements for them. Day-to-day module maintenance and new setup should be conducted using regular "Platform Administrators" with limited business management scope, cutting off the possibility of global destructive configuration deletion.