AvePoint Docs
Contact support
Contact support
English

Home > User Management

Export to PDF

User Management

To manage tyGraph users, click User management on the left navigation pane. On the User management page, administrators can perform the following actions to manage users/groups:

- **Add** – Click **Add** to add new users. For more information, refer to the instructions in the [Add/Edit Users](#missing-link) section. - **Edit** – Select one user and click **Edit** to update its details. For more information, refer to the instructions in the [Add/Edit Users](#missing-link) section. - **Delete** – Select one or multiple users, and then click **Delete**. In the confirmation window, click **OK**. All selected users and related data will be deleted. - **Activate** – Select one or multiple users in the **Deactivated** status, and then click **Activate**. Activated users can access tyGraph to perform corresponding actions. - **Deactivate** – Select one or multiple users in the **Activated** status, and then click **Deactivate**. Deactivated users will be restricted from accessing tyGraph. - **Column** – Specify what columns to be displayed on the page. 1. Click **Column** on the upper-right corner of the page. The Filter pane will appear on the right side of the page. 2. In the **Column** pane, select the columns that you want to display on the page. 3. Click **Apply**. - **Filter** – Set a filter to view users and groups by referring to the instructions below: 1. Click **Filter** on the upper-right corner of the page. The Filter pane will appear on the right side of the page. 2. In the **Filter** pane, configure conditions for the Tenant, Type, Role, Modules, or Status. 3. Click **Apply**.

Add/Edit Users

To add/edit users and grant them access to tyGraph report modules, click Add/Edit on the Users page. Refer to the information below to configure settings in the Add/Edit user or group panel:

  1. Tenant – Select a tenant of the users or groups you want to add from the drop-down list.

  2. Add/Edit users or groups – Specify the users or groups that you are about to add. You can enter the following:

    • The usernames / email addresses of Microsoft 365 users in the format of someone@example.com.

    • The aliases of Microsoft 365 users.

    • The names / email addresses of Microsoft 365 Groups, mail-enabled security groups, distribution groups, or security groups.

    *Note: You can specify any user or group, which refers to all available users or groups in your Microsoft 365 tenant’s Microsoft Entra ID. If the users or groups are not AvePoint Online Services users, they will be added to AvePoint Online Services with the tyGraph service assigned.

  3. Choose which modules the users have access to and the permission levels of each – Specify one or multiple modules for users to access. Turn on/off the toggle of a module to make the module accessible or inaccessible to users.

    Note the following:

    • Under the Report center section, select one or multiple permissions to enable users to view related reporting data of web-based reports.

      • SharePoint owner – SharePoint owners will have access to a suite of SharePoint reports provided by tyGraph.

      • Site owner – Site owners will have access to a suite of Sites that l own and Site details reports provided by tyGraph. tyGraph for Site owners provides data for sites where the signed-in user is the owner, site collection administrator, or has full control permissions, which can be granted either individually or through a group.

      • Pulse viewer – Pulse viewers will have access to a suite of Pulse reports provided by tyGraph.

      • Copilot report viewer – Copilot report viewers will have access to a suite of Copilot adoption reports provided by tyGraph.

      • Community owner– Community owners will have access to a suite of reports provided by tyGraph, offering insights into their managed communities.

      • Engage owner – Engage owners will have access to a suite of reports provided by tyGraph, offering insights into all communities.

      • Clear data viewer – Choose whether to allow users or groups to view clear data in reports containing obfuscated data.

    • Under the Role section, Once the Site sponsor option is enabled, specify the sites that users or groups can view site details, including SharePoint reports and web parts, even if they are not site owners.

    • Under the Analytics section, select one or multiple modules to enable users to access related reporting data of Power BI embedded reports by turning on the corresponding module toggles.

    • Under the Kusto section, once the Kusto database reader option is enabled, the users or groups will be granted permissions to configure Power BI semantic model refresh using their organizational account credentials.

    • Under the Benchmarking section, once the Report center option is enabled, select which reports' benchmarking data users can access.

      • Copilot benchmark viewer – Select the Copilot benchmark viewer permission to enable users to access Copilot benchmarking data and related benchmarks in web-based reports.

      • Intranet benchmark viewer – Select the Intranet benchmark viewer permission to enable users to access Intranet benchmarking data.

    • With the Web part option enabled, select one or multiple permissions to tyGraph Pages Site Analytics web part.

      • Pages hub site viewer – Select this option to allow users to view tyGraph Pages at the Hub Site level.

      • Pages site viewer – Select this option to allow users to view tyGraph Pages at the Site level.

      • Pages tenant viewer – Select this option to allow users to view tyGraph Pages including the Query endpoint.

  4. Click Save to save the configurations.

Grant Report Access to Users

To grant a user access to specific reports, complete the following configurations:

  1. Click User management on the left navigation pane, select the user that you want to grant report access to and click Edit.

  2. In the Edit user or group panel, choose which modules and permission levels you want the user to have access to. Access to reports may vary based on the specific reports you want users to access.

    • AvePoint web-based reports which are displayed in the Report center section

      Turn on the Report center toggle and select permissions you want to assign to the user. You can select permissions from the following options:

      • SharePoint owner – Choose this option to grant the user access to a suite of SharePoint reports provided by tyGraph.

      • Site owner – Choose this option to grant the user access to a suite of Sites that l own and Site details reports provided by tyGraph. tyGraph for Site owners provides data for sites where the signed-in user is the owner, site collection administrator, or has full control permissions, which can be granted either individually or through a group.

      • Pulse viewer – Choose this option to grant the user access to a suite of Pulse reports provided by tyGraph.

      • Copilot report viewer – Choose this option to grant the user access to a suite of Copilot adoption reports provided by tyGraph.

      • Community owner – Choose this option to grant the user access to a suite of Viva Engage reports of their managed communities provided by tyGraph.

      • Engage owner – Engage owners will have access to a suite of Viva Engage reports of all communities provided by tyGraph.

      Clear data viewer – Choose whether to allow users or groups to view clear data in reports containing obfuscated data.

    • Power BI reports accessed through the Analytics section

      Select one or multiple modules to enable users to access related reporting data of Power BI embedded reports from the following options: Calling, OneDrive, Pulse, SharePoint, Teams, Viva Engage, and Custom reports. Ensure your organization has purchased both a licensed Power BI embedded module and corresponding modules.

    • Power BI reports accessed through Power BI service

      If you don’t have a licensed Power BI embedded module, you can install the reporting tools in Power BI Service by uploading the app packages we provided and connecting them to your reporting data access. Turn on the Kusto database reader toggle to grant the user access to configure Power BI semantic model refresh using their organizational account credentials.

    • Copilot and Intranet benchmarking data

      Define which reports' benchmarking data users can access by turning on the Report center toggle under the Benchmarking section. You can grant users access to the following benchmarking programs:

      • Copilot benchmark viewer – Select the Copilot benchmark viewer permission to enable users to access Copilot benchmarking data and related benchmarks in web-based reports.

      • Intranet benchmark viewer – Select the Intranet benchmark viewer permission to enable users to access Intranet benchmarking data.

    • SharePoint reports and web parts

      Enable the Site sponsor option in the Role section and specify the sites that users or groups can view site details, including SharePoint reports and web parts, regardless of their ownership status.

  3. Click Save to save the configurations.

Group Permissions

Below is an overview of the group permissions logic within tyGraph, highlighting how site ownership and user permissions are recognized and reported.

- Site owner recognition in tyGraph - Only members of Microsoft 365 Groups designated as owners are recognized as site owners in tyGraph reports. - Members granted full control access through group membership (e.g., AD Group or Microsoft 365 Group members) are not automatically classified as site owners, despite having full control in SharePoint. - AD Group and nested memberships - Users who belong to an AD Group included in the site owners group in SharePoint are considered site owners. - However, nested group memberships (groups within groups) may not be accurately recognized due to limitations in tyGraph's data processing capabilities. - Harvesting limitations - The tyGraph harvester captures users within groups but does not capture groups that are members of other groups. - Consequently, deeply nested permissions may not be accurately reflected in the Site owner report unless they are explicitly surfaced. - Role binding integrity Alterations to role bindings in SharePoint (e.g., manually adding members to the site owners group) can disrupt expected logic and lead to inconsistencies in reporting.