Skip to main content

Feature Overview

The System Management module is organized into core management sections that fully support and govern the operations and resource isolation across all applications and personnel within the platform.

1. User Management

As the foundational carrier for all permission workflows on the platform, it controls personnel accounts and their organizational status.

  • Centralized Personnel Records: Supports searching, creating, modifying, and resetting passwords for all users based on key information such as username, name, and email. This eliminates the data redundancy and governance blind spots caused by decentralized account management across subsystems.
  • Visual Tree-Based Organization: Supports maintaining a multi-level tree topology of sub-organizations, with the ability to batch-assign both new and existing users to specific organizations. This solves the difficulty of searching through large-scale permission assignments and personnel lookups in enterprises without departmental hierarchy.
  • Deep Role Mapping: Supports viewing and adjusting an employee's specific roles and rules across various application modules directly from their user profile. This resolves the inefficiency of administrators struggling to locate and verify what elevated permissions a specific employee holds due to deeply nested application permission pages.

2. Application Management

Provides deep, controlled governance capabilities within the platform for each independent subsystem (such as CMDB, monitoring, etc.).

  • Fine-Grained Custom Menu Groups: Supports creating, duplicating, and conditionally enabling/disabling dedicated menu navigation trees for specific applications with multi-version control. This enables a lightweight, focused interface for personnel who only need specific workflow functions, rather than dealing with an overly complex standard system menu.
  • Multi-Dimensional Data Isolation Spaces: Supports configuring underlying data source access and operation permission boundaries within specific application systems, combined with personnel organizations. This fundamentally addresses security risks such as data theft and cross-team unauthorized operations that may arise from highly open, parallel data access within the same module.
  • Domain-Bounded Role Isolation: Each configured role is strictly confined to operate within a specific application domain, with permission roles across different applications being completely independent and decoupled. This eliminates the risk of permission contamination caused by the legacy practice of coarse-grained "universal roles" across the platform.

3. Notification Channels

Provides a unified outbound messaging hub for all business applications across the entire platform.

  • Universal Interface Gateway Integration: Supports centralized management of mature delivery channels such as WeCom, WeCom bots, DingTalk, and Feishu bots, while also supporting custom Webhook-based protocols. This solves the longstanding pain point of weak messaging capabilities and inconsistent notification channel standards across internal business systems. Underlying authentication credentials are strongly encrypted within the channel to protect enterprise push flow control.

4. Security Management

Platform-wide protection starts here: guarding the first authentication gate while monitoring granular system-level anomalies in real time.

  • Enterprise-Grade Unified Login Foundation: Allows enabling OTP key verification, along with stricter password error lockout mechanisms, enforced password length and complexity requirements, and mandatory periodic rotation reminders. This addresses the critical penetration threats from dictionary brute-force attacks on core accounts and employees neglecting to change default passwords over time.
  • Third-Party Authentication Source Integration: Provides connectivity with external authentication source entities, controlling synchronization status and policy distribution scheduling. This helps medium-to-large enterprises seamlessly integrate with existing systems and smoothly transform heterogeneous identity authentication into single sign-on.
  • Comprehensive Global Tamper-Proof Tracking: Provides cross-user global monitoring dashboards for "Login Logs", "Operation Logs", and "Error Logs" in a read-only locked format. This delivers powerful post-incident auditing capabilities — whether identifying non-compliant external access sources, investigating high-risk insider misoperations, or tracing hidden program errors — everything is fully traceable with evidence export support.

Warning / Security Best Practice: The Super Admin has the highest level of full data inspection and takeover permissions. To ensure baseline security, it is strongly recommended to reserve this identity for only a very small number of audit and compliance reviewers, and to configure higher-randomness passwords with shorter automatic expiration periods for them. Day-to-day module maintenance and creation should be performed using regular "Platform Administrators" who have limited business management scope, cutting off the possibility of globally destructive configuration deletions.