diff --git a/.gitignore b/.gitignore
index cbf21cc5..a5fda5d6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,4 +7,5 @@
/images/_scratch/
/images/_tmp/
/images/_preview/
-AGENTS.md
\ No newline at end of file
+AGENTS.md
+.agents
\ No newline at end of file
diff --git a/en/basic/ai/overview.mdx b/en/basic/ai/overview.mdx
index 8d665566..ee82acc3 100644
--- a/en/basic/ai/overview.mdx
+++ b/en/basic/ai/overview.mdx
@@ -13,20 +13,20 @@ Teable integrates powerful AI capabilities throughout the platform to help you w
## AI Capabilities
-
- Automatically generate, summarize, translate, and extract information from your data using AI-powered fields.
+
+ Context-aware intelligent assistant for data analysis, visualization, and creation.
-
- Integrate AI processing into your automation workflows for intelligent data handling.
+
+ Transform your data into custom web applications using AI.
Write custom AI-powered scripts to extend automation capabilities.
-
- Context-aware intelligent assistant for data analysis, visualization, and creation.
+
+ Automatically generate, summarize, translate, and extract information from your data using AI-powered fields.
-
- Transform your data into custom web applications using AI.
+
+ Integrate AI processing into your automation workflows for intelligent data handling.
diff --git a/en/basic/authority-matrix.mdx b/en/basic/authority-matrix.mdx
index ee3ce602..08fdaa22 100644
--- a/en/basic/authority-matrix.mdx
+++ b/en/basic/authority-matrix.mdx
@@ -1,66 +1,121 @@
---
title: "Overview"
-description: "Allows administrators to set fine-grained access permissions for team members. Through this approach, precise control over different tables, fields, and operations can be achieved, ensuring each member can only access and modify information within their scope of responsibility. This not only improves team collaboration efficiency but also enhances data security."
+description: "Set access scopes for different teams in the same base, so members only see, edit, or export the data they need."
---
Available for Business plan and above
-## Example Use Cases
-
-- Data Entry Restrictions: Allow team members to add new records but restrict modification of existing data
-- Project Management: Ensure project members can only access and edit their responsible parts of the project
-- Hierarchical Data Access: Flexibly organize roles so that enterprise management can view all data, while regular employees can only access information related to their responsibilities
-
-## Operating the Authority Matrix
-
-Users with Creator permissions in a space can enable the authority matrix. When the authority matrix is enabled, the current user automatically becomes an administrator, space managers also become administrators, and all other members are assigned to the default role by default.
-
-### Creating Roles
-
-Click the Add Role button in the upper right corner of the interface to start creating a new role
-
-
-
-Enter the role settings interface to see all tables in the current base. Here you can set detailed permissions for each table
-
-
-
-Permissions include view permissions, field permissions, and record permissions. By default, all permissions are open, and you can configure them by checking options to restrict permission scope according to requirements.
-
-### View Permissions:
-
-- Create view
-- Delete view
-- Update view
-
-### Record (Row) Permissions
-
-You can use filter condition groups to specify the range of viewable records. For example, adding a condition to select records where product type equals "Parts" will restrict the viewable record range for the current role to records of type "Parts".
-
-- View record
-- Delete record
-- Update record
-- Comment on record
-- Copy record
-
-### Field (Column) Permissions
-
-You can restrict permissions for each field in the table, including:
-
-- View fields related records
-- Delete fields related records
-- Update fields related records
-
-
-
-After modifying table permissions, you must click the switch to the left of the table name to enable the permissions for them to take effect. If not enabled, there will be no permissions by default.
-
-## Important Notes
-
-- Users with management permissions in the space have administrator privileges and can access all data in the base within the space.
-- After enabling the authority matrix, all newly created tables have no permissions by default and require permission configuration before they can be accessed according to role permissions.
-- The user who enables the authority matrix will become an administrator of the current base, and automation features will only be accessible to administrators after enabling the authority matrix.
-- After enabling the authority matrix, the creation, editing, and deletion permissions of fields (columns) themselves are only available to administrators.
-- Once the Authority Matrix is enabled, only users with "Manager" permissions are exempt from its restrictions. For permission levels below "Manager" (such as "Creator" and below), all members except Authority Matrix administrators are subject to the Matrix's unified control.
-
-To learn about basic permission levels for spaces and bases, please refer to [Collaboration Permissions](/en/basic/space/space-permission)
+When sales, finance, operations, and leadership share the same base,
+permissions decide who can enter the base, which data they can see or edit,
+and whether they can import or export data. The Authority Matrix helps teams
+keep data in one place while separating access by responsibility.
+
+You can assign custom roles to members or departments, then let each role
+access only the tables, apps, and workflows it needs. For tables, you can also
+limit visible views, visible records, editable fields, and import or export
+permissions. For example, sales can maintain their own customers, finance can
+view billing fields, and leadership can view the full dataset.
+
+## When to Use It
+
+| Scenario | Good for |
+| --- | --- |
+| Department-level access | Sales can maintain customer records, while finance only sees billing fields. |
+| Assignee-based records | Sales reps can view and update only records assigned to them. |
+| Restricted data entry | Members can create new records without editing or deleting existing records. |
+| Sensitive fields in a shared base | Members can view order records without seeing payment or cost fields. |
+| Controlled apps and workflows | Roles can open selected apps or workflows, while unauthorized nodes stay hidden. |
+
+## How Permissions Work
+
+The Authority Matrix assigns access by role. Users can receive permissions
+from roles assigned directly to them or from department roles. When multiple
+roles apply, Teable combines the permissions allowed by those roles.
+
+Space users with the **Manager** permission and Authority Matrix administrators can manage the Authority Matrix and are not restricted by it.
+
+The role list includes an `Administrators` section and a `Custom roles`
+section:
+
+
+
+Use `Add role` to create a custom role. In the role detail page, assign
+collaborators, write a short description, and configure access for each node in
+the base:
+
+
+
+## Configure Role Access
+
+Each table, app, and workflow has its own access setting.
+
+| Node type | Available setting |
+| --- | --- |
+| Table | Choose `Can edit` or `No access`. After a table is set to `Can edit`, configure its detailed permissions. |
+| App | Choose `Can access` or `No access`. This controls whether the role can open the app. |
+| Workflow | Choose `Can access` or `No access`. This controls whether the role can open the workflow. |
+| Folder | Folders are shown for navigation. If none of the child nodes are accessible, the folder is hidden for the role. |
+
+To configure view, record, field, and other detailed table permissions, set the
+table to `Can edit` first. A table with `No access` is hidden from members in
+that role.
+
+## Table Permissions
+
+When a table is set to `Can edit`, configure these permission areas:
+
+| Permission area | What it controls |
+| --- | --- |
+| View permissions | Whether the role can create, update, or delete views, and whether it can view `All views` or only `Specific views`. |
+| Record permissions | Whether the role can create, update, delete, comment on, or copy records. Visible records can be `All records` or records that match filter conditions. |
+| Field permissions | Whether the role can view, update, or create values in specific fields. The primary field must remain visible. |
+| Import and export permissions | Whether the role can import data into the table or export table data. |
+
+
+
+Record filters work well for access scopes that change by owner, department,
+or similar fields. For example, a condition such as `Sales owner` `is`
+`current user` lets each salesperson see only their own records. Field
+permissions can further hide or lock sensitive field values in records the
+role can access.
+
+## Default Role
+
+
+
+Use `Default role` for members who have not been assigned any custom role. You
+can select an enabled custom role, or choose `Permission denied` so these
+members cannot access content controlled by the Authority Matrix.
+
+## Notes
+
+- After the Authority Matrix is enabled, users whose Space permission is below
+ `Manager` are restricted by it unless they are added as Authority Matrix
+ administrators.
+- The user who enables the Authority Matrix is automatically added to
+ `Administrators`.
+- New custom roles are enabled when they are created from `Add role`, but each
+ table, app, and workflow still needs its own access setting.
+- A table set to `No access` for a role is hidden from that role, even if its
+ detailed permission options were edited earlier.
+- Assigning a role from `Add user` or `Add from organization` can add selected
+ members or departments as base collaborators. The Authority Matrix then
+ narrows what they can access inside the base.
+
+To learn about basic Space and base permission levels, see [Collaboration Permissions](/en/basic/space/space-permission).
diff --git a/en/basic/authority-matrix/authority-matrix-practical-guide.mdx b/en/basic/authority-matrix/authority-matrix-practical-guide.mdx
index 1737225d..5b64d803 100644
--- a/en/basic/authority-matrix/authority-matrix-practical-guide.mdx
+++ b/en/basic/authority-matrix/authority-matrix-practical-guide.mdx
@@ -1,148 +1,217 @@
---
title: "Authority Matrix Guidelines"
+description: "Configure Authority Matrix roles for a sales team that needs shared data, ownership-based record access, and restricted data entry."
---
- Think of the Authority Matrix as a powerful tool. It lets you build precise data access rights for each role on your team, just like assembling building blocks. Don't worry if it seems complex; we'll walk you through a common scenario step by step.
+This guide uses a sales base with three tables: `Customers`, `Sales Orders`,
+and `Products`. The goal is to let each role work with the data it needs
+without exposing the whole base.
+
+| Role | Access goal |
+| --- | --- |
+| Sales Director | View customer and sales data, comment on products, and avoid changing product prices. |
+| Sales Rep | View and update only their own customers and orders, create new customers, and avoid deleting completed orders. |
+| Data Entry Clerk | Add new products without seeing existing products, customers, or orders. |
+
+Turn on the Authority Matrix before relying on role permissions.
+
+
+
+## Create the Roles
+
+
+
+ Open the Authority Matrix page in the base and turn on the main switch. The
+ user who enables it is added as an administrator.
+
+
+ Click `Add role` and create `Sales Director`, `Sales Rep`, and `Data Entry
+ Clerk`.
+
+
+
+
+
+## Configure Sales Director
+
+The Sales Director needs broad visibility, but product prices should stay
+protected from accidental edits.
+
+| Node | Setting |
+| --- | --- |
+| Customers | Set the table to `Can edit`. Keep record and field permissions open so the role can view customer data. |
+| Sales Orders | Set the table to `Can edit`. Keep record and field permissions open so the role can review sales activity. |
+| Products | Set the table to `Can edit`, then allow only `Read record` and `Comment on record` in record permissions. |
+
+
+
+Assign members from the role list with `Add user` or `Add from organization`,
+then make sure the role switch is enabled.
+
+
+
+After setup, a Sales Director can review customer and order data, comment on
+products, and avoid changing product records.
+
+
+
+## Configure Sales Rep
+
+The Sales Rep role uses record filters so each rep works only with records
+where they are the owner.
+
+### Customers
+
+Set `Customers` to `Can edit`.
-
-> Note: The Authority Matrix must be enabled here for your settings to take effect.
+| Permission area | Setting |
+| --- | --- |
+| Record permissions | Choose records that match specific conditions. Add a filter such as `Sales Rep` `is` `Me (current user)`. |
+| Record operations | Allow `Read record`, `Update record`, and `Create record`. Leave `Delete record` off if reps should not delete customer records. |
-## Sales Management Scenario
+
-In this scenario, our sales team needs to collaborate on managing customers, orders, and products. Our goals are:
+
-- **Sales Director**: Can view all customer and sales data for high-level oversight but cannot easily change product prices.
-- **Sales Rep**: Can only view and edit their own customers and orders. They can add new customers but cannot delete completed orders.
-- **Data Entry Clerk**: Is responsible for adding new products but cannot modify or delete existing ones, and has no access to customer or order information.
+### Sales Orders
-### Step 1: Setup and Role Creation
+Set `Sales Orders` to `Can edit`.
+
+| Permission area | Setting |
+| --- | --- |
+| Record permissions | Use the same owner-based filter, such as `Sales Rep` `is` `Me (current user)`. |
+| Record operations | Allow `Read record` and `Create record`. Leave `Update record` and `Delete record` off if completed orders should stay unchanged. |
+| Field permissions | Hide sensitive fields such as `Payment Method` by turning off `Read record` for that field. |
-1. **Enable the Authority Matrix**: In your base, find and toggle on the "Authority Matrix". You and the space administrator will automatically be granted Admin roles.
-2. **Create Roles**: Click the `Add Role` button in the top-right corner. We'll create three roles:
- - Sales Director
- - Sales Rep
- - Data Entry Clerk
+
+
+Assign sales reps to the role and keep the role enabled.
+
+
+
+Each sales rep now sees only the customer and order records that match the
+owner filter.
+
+
-
+## Configure Data Entry Clerk
-### Step 2: Configure Permissions for Each Role
+The Data Entry Clerk only needs to add products.
-Now, let's configure granular permissions for each role. We have three tables: `Customers`, `Sales Orders`, and `Products`.
+| Node | Setting |
+| --- | --- |
+| Products | Set the table to `Can edit`. In record permissions, allow only `Create record`. |
+| Product fields | If linked order data should stay hidden, turn off `Read record` for the `Orders` linked field. |
+| Customers and Sales Orders | Keep these tables as `No access`. |
-#### 1. Configure the [Sales Director] Role
+
-> As the manager, this role needs the highest level of view access.
+Assign clerks to the role and keep the role enabled.
-- **For the `Customers` and `Sales Orders` tables**:
- - **Record-level Permissions**: Enable permissions for the table. Leave the settings at their default to grant full data access.
-- **For the `Products` table**:
- - **Action Permissions**: Only check `View records` and `Comment on records`. This allows the director to see product information without being able to modify it, preventing accidental changes to pricing.
- - **Collaboration**: The director can also comment on specific products, which fosters team communication and timely feedback, boosting overall efficiency.
- - Click the `Save` button in the bottom-left corner to apply the settings.
+
-
+After setup, the Data Entry Clerk can add new product records but cannot browse
+existing product, customer, or order data.
-> Adding Members to a Role
-> Once a role is created and configured, enable it using the toggle switch to its left. Then, assign team members to the role using the `Add User` or `Add from Organization` buttons.
+
-
+## Sales Review View
-**The Sales Director's View**: Once configured, "Sales Director Alice" can view all customer and sales data but is restricted from editing product prices.
+Use this setup for sales reviews: reps can see the full customer list, but can only edit customers they own.
-
+During a review, reps may need to see every customer record to compare follow-up
+patterns and customer status. Day-to-day editing should still stay limited to
+the customers they own, so they do not change another rep's records by mistake.
-#### 2. Configure the [Sales Rep] Role
+Keep the existing `Sales Rep` role, then add a read-only role for company-wide
+customer visibility. A rep can use the read-only role to view all customers and
+use the `Sales Rep` role to update only the customers they own.
-> This is the most critical part of the setup, ensuring data privacy and security.
+### Create a Read-Only Role
-- **For the `Customers` table**:
- - **Record-level Permissions**: This is key! Add a filter where `Sales Rep` `is` `Me(Current User)`.
-
- > **Dynamic Permissions**: This means that when "Sales Rep Emily" logs in, he will only see customers where the 'Sales Rep' field is set to "Emily".
+Click `Add role` and create a read-only role, such as `Global Customer Viewer`.
- 
+### Configure Customer Access
- 
+Set `Customers` to `Can edit`. In record permissions, allow only `Read record`.
+Do not enable `Update record`, `Delete record`, or `Create record`. Leave the
+record filter empty so this role can view all customer records.
- - **Action Permissions**: Check `View records`, `Update records`, and `Create records`. We recommend leaving `Delete records` unchecked to prevent accidental data loss.
+
-- **For the `Sales Orders` table**:
- - **Record-level Permissions**: Apply the same filter: `Sales Rep` `is` `Current User`.
- - **Action Permissions**: Check `View records` and `Create records`. To protect historical data, you can leave `Update records` and `Delete records` unchecked.
- - **Field-level Permissions**: If you don't want reps to see sensitive information, you can hide specific fields. For example, find the `Payment Method` field and uncheck the `View data in this field` permission.
- - Click the `Save` button in the bottom-left corner to apply the settings.
+### Assign Sales Reps
- 
+Return to the role list and add the sales reps who need review access to
+`Global Customer Viewer`.
-> Adding Members to a Role
-> Once a role is created and configured, enable it using the toggle switch to its left. Then, assign team members to the role using the `Add User` or `Add from Organization` buttons.
+
-
+When a user has both `Sales Rep` and `Global Customer Viewer`, Teable combines
+the permissions. The user can view all customer records, but can update only
+records allowed by the owner-based `Sales Rep` role.
-**The Sales Rep's View**: After setup, "Sales Rep Emily" can only see and edit his own customers and orders. He can add new customers but cannot delete completed orders.
-
-
-
-#### 3. Configure the [Data Entry Clerk] Role
-
-> This role is highly restricted and focused on a single task.
-
-- **For the `Products` table**:
- - **Action Permissions**: Only check `Create records`.
- - This ensures they can only add new rows (products) to the `Products` table. They cannot see, edit, or delete any existing product data.
- - **Field-level Permissions**: To prevent them from seeing linked order data, find the `Orders` linked field and uncheck the `View data in this field` permission.
-- **For the `Customers` and `Sales Orders` tables**:
- - Leave the permission toggles off (the default "no access" state). They will not be able to see these tables at all.
-
-
-
-> Adding Members to a Role
-> Once a role is created and configured, enable it using the toggle switch to its left. Then, assign team members to the role using the `Add User` or `Add from Organization` buttons.
-
-
-
-**The Data Entry Clerk's View**: Once configured, "Data Entry Clerk Alex Ray" can only add new products. They cannot modify or delete existing ones and have no visibility into customer or order information.
-
-
-
----
-
-> Advanced Technique: Balancing Sales Collaboration with Data Security
->
-> By default, sales reps are often restricted to seeing only their own customers. But in the real world, collaboration and shared learning are vital. For instance, during a weekly sales review, you might want reps to see everyone's customer data to learn from their peers, while still ensuring they can only edit their own accounts.
->
-> Here’s how to implement this granular control using the Authority Matrix:
->
-> **Goal:**
-> - **View Permissions**: The `Sales Rep` role can view all customer records in the company.
-> - **Edit Permissions**: The `Sales Rep` role can only edit or delete customer records they own.
->
-> **The Strategy:**
-> This is a clever and common approach: instead of modifying the existing `Sales Rep` role, we'll create a new, dedicated "viewer" role. This works because our permission system allows different filters to be applied to different actions ([View], [Update], [Delete], etc.).
->
-> **Configuration Steps:**
->
-> ##### Step 1: Create a new "Viewer" role
-> - In the Authority Matrix, click `Add Role` and name it something like `Global Customer Viewer`.
->
-> ##### Step 2: Configure read-only permissions for the new role
-> - Click the `Global Customer Viewer` role to open its settings.
-> - Go to the `Customers` table.
-> - **Action Permissions**: Check `View records` ONLY. Ensure that `Update records`, `Delete records`, and `Create records` are all unchecked.
-> - **Record-level Permissions**: Do not apply any filters. Leaving the filter section empty means the role grants access to all records in the table.
->
-> 
->
-> ##### Step 3: Add "Emily" to the new role
-> - Return to the main Authority Matrix screen.
-> - Next to the `Global Customer Viewer` role, click `+ Add User` and add your sales rep (e.g., "Emily").
->
-> 
->
-> **The Result:**
->
-> Now, when Sales Rep "Emily" logs in, he has the permissions of *both* roles:
-> - **Full Visibility**: When he opens the `Customers` table, he can see every customer in the company, giving him a complete overview for analysis and team reviews.
-> - **Complete Security**: When he double-clicks a record owned by another rep, he'll see that all fields are read-only (often grayed out and uneditable). There are no "Save," "Edit," or "Delete" buttons available. This completely eliminates the risk of accidental changes, allowing him to browse and present data with confidence.
->
-> 
+
diff --git a/en/basic/sso/azure-entra-id.mdx b/en/basic/sso/azure-entra-id.mdx
index 3f8633aa..08ff049e 100644
--- a/en/basic/sso/azure-entra-id.mdx
+++ b/en/basic/sso/azure-entra-id.mdx
@@ -12,7 +12,7 @@ description: "Configure Azure Entra ID as your SSO authentication provider for T
2. Create a new authentication provider and name it **Azure Entra ID** and select **OpenID Connect**
@@ -23,7 +23,7 @@ description: "Configure Azure Entra ID as your SSO authentication provider for T
2. Navigate to **Microsoft Entra ID** (formerly Azure Active Directory)
@@ -33,7 +33,7 @@ description: "Configure Azure Entra ID as your SSO authentication provider for T
Fill in the following OAuth endpoints in Teable using your **Tenant ID**:
@@ -51,7 +51,7 @@ Fill in the following OAuth endpoints in Teable using your **Tenant ID**:
2. Click **+ New registration**
@@ -61,12 +61,12 @@ Fill in the following OAuth endpoints in Teable using your **Tenant ID**:
Fill in the application registration form:
@@ -83,7 +83,7 @@ Click **Register** to create the application.
1. Copy the **Application (client) ID** from the application overview page
@@ -91,7 +91,7 @@ Click **Register** to create the application.
2. Paste the Client ID into the Teable SSO configuration
@@ -101,7 +101,7 @@ Click **Register** to create the application.
1. In your application, click **Certificates & secrets** in the left menu
@@ -109,7 +109,7 @@ Click **Register** to create the application.
2. Click **+ Add a certificate or secret**
@@ -119,7 +119,7 @@ Click **Register** to create the application.
5. **Important**: Copy the secret **Value** immediately and save it as your Client Secret in Teable
@@ -132,12 +132,12 @@ Click **Register** to create the application.
2. Click **+ Add a permission**
@@ -151,7 +151,7 @@ Click **Register** to create the application.
6. Click **Add permissions**
@@ -163,7 +163,7 @@ Click **Register** to create the application.
You have two options to enable SSO login:
diff --git a/images/docs/authority-matrix/2026-05-27-authority-matrix-default-role-en.png b/images/docs/authority-matrix/2026-05-27-authority-matrix-default-role-en.png
new file mode 100644
index 00000000..942d8658
Binary files /dev/null and b/images/docs/authority-matrix/2026-05-27-authority-matrix-default-role-en.png differ
diff --git a/images/docs/authority-matrix/2026-05-27-authority-matrix-default-role-zh.png b/images/docs/authority-matrix/2026-05-27-authority-matrix-default-role-zh.png
new file mode 100644
index 00000000..f5479340
Binary files /dev/null and b/images/docs/authority-matrix/2026-05-27-authority-matrix-default-role-zh.png differ
diff --git a/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-create-roles-en.png b/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-create-roles-en.png
new file mode 100644
index 00000000..89290e20
Binary files /dev/null and b/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-create-roles-en.png differ
diff --git a/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-create-roles-zh.png b/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-create-roles-zh.png
new file mode 100644
index 00000000..3e902c8d
Binary files /dev/null and b/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-create-roles-zh.png differ
diff --git a/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-data-entry-members-en.png b/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-data-entry-members-en.png
new file mode 100644
index 00000000..f7e5cd6f
Binary files /dev/null and b/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-data-entry-members-en.png differ
diff --git a/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-data-entry-members-zh.png b/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-data-entry-members-zh.png
new file mode 100644
index 00000000..75d6718a
Binary files /dev/null and b/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-data-entry-members-zh.png differ
diff --git a/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-data-entry-permissions-en.png b/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-data-entry-permissions-en.png
new file mode 100644
index 00000000..78f0aeca
Binary files /dev/null and b/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-data-entry-permissions-en.png differ
diff --git a/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-data-entry-permissions-zh.png b/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-data-entry-permissions-zh.png
new file mode 100644
index 00000000..edb3323b
Binary files /dev/null and b/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-data-entry-permissions-zh.png differ
diff --git a/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-data-entry-view-en.webp b/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-data-entry-view-en.webp
new file mode 100644
index 00000000..315492b3
Binary files /dev/null and b/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-data-entry-view-en.webp differ
diff --git a/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-data-entry-view-zh.webp b/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-data-entry-view-zh.webp
new file mode 100644
index 00000000..39de28a1
Binary files /dev/null and b/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-data-entry-view-zh.webp differ
diff --git a/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-enable-en.png b/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-enable-en.png
new file mode 100644
index 00000000..f45a25f8
Binary files /dev/null and b/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-enable-en.png differ
diff --git a/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-enable-zh.png b/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-enable-zh.png
new file mode 100644
index 00000000..ea8af012
Binary files /dev/null and b/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-enable-zh.png differ
diff --git a/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-global-customer-viewer-members-en.png b/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-global-customer-viewer-members-en.png
new file mode 100644
index 00000000..c0a9b7e3
Binary files /dev/null and b/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-global-customer-viewer-members-en.png differ
diff --git a/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-global-customer-viewer-members-zh.png b/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-global-customer-viewer-members-zh.png
new file mode 100644
index 00000000..05feecbf
Binary files /dev/null and b/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-global-customer-viewer-members-zh.png differ
diff --git a/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-global-customer-viewer-permissions-en.png b/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-global-customer-viewer-permissions-en.png
new file mode 100644
index 00000000..45f94139
Binary files /dev/null and b/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-global-customer-viewer-permissions-en.png differ
diff --git a/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-global-customer-viewer-permissions-zh.png b/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-global-customer-viewer-permissions-zh.png
new file mode 100644
index 00000000..7eec6daa
Binary files /dev/null and b/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-global-customer-viewer-permissions-zh.png differ
diff --git a/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-global-customer-viewer-result-en.webp b/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-global-customer-viewer-result-en.webp
new file mode 100644
index 00000000..013e6490
Binary files /dev/null and b/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-global-customer-viewer-result-en.webp differ
diff --git a/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-global-customer-viewer-result-zh.webp b/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-global-customer-viewer-result-zh.webp
new file mode 100644
index 00000000..8434fe69
Binary files /dev/null and b/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-global-customer-viewer-result-zh.webp differ
diff --git a/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-sales-director-members-en.png b/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-sales-director-members-en.png
new file mode 100644
index 00000000..a0543d36
Binary files /dev/null and b/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-sales-director-members-en.png differ
diff --git a/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-sales-director-members-zh.png b/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-sales-director-members-zh.png
new file mode 100644
index 00000000..4c84e6d4
Binary files /dev/null and b/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-sales-director-members-zh.png differ
diff --git a/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-sales-director-permissions-en.png b/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-sales-director-permissions-en.png
new file mode 100644
index 00000000..04e9f583
Binary files /dev/null and b/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-sales-director-permissions-en.png differ
diff --git a/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-sales-director-permissions-zh.png b/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-sales-director-permissions-zh.png
new file mode 100644
index 00000000..6b416ffa
Binary files /dev/null and b/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-sales-director-permissions-zh.png differ
diff --git a/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-sales-director-view-en.webp b/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-sales-director-view-en.webp
new file mode 100644
index 00000000..d08e2f12
Binary files /dev/null and b/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-sales-director-view-en.webp differ
diff --git a/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-sales-director-view-zh.webp b/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-sales-director-view-zh.webp
new file mode 100644
index 00000000..81c2648f
Binary files /dev/null and b/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-sales-director-view-zh.webp differ
diff --git a/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-sales-rep-customer-permissions-en.png b/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-sales-rep-customer-permissions-en.png
new file mode 100644
index 00000000..31e0cfbb
Binary files /dev/null and b/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-sales-rep-customer-permissions-en.png differ
diff --git a/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-sales-rep-customer-permissions-zh.png b/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-sales-rep-customer-permissions-zh.png
new file mode 100644
index 00000000..a28432c9
Binary files /dev/null and b/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-sales-rep-customer-permissions-zh.png differ
diff --git a/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-sales-rep-filter-en.webp b/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-sales-rep-filter-en.webp
new file mode 100644
index 00000000..d44bbcf1
Binary files /dev/null and b/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-sales-rep-filter-en.webp differ
diff --git a/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-sales-rep-filter-zh.webp b/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-sales-rep-filter-zh.webp
new file mode 100644
index 00000000..0e8c38d4
Binary files /dev/null and b/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-sales-rep-filter-zh.webp differ
diff --git a/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-sales-rep-members-en.png b/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-sales-rep-members-en.png
new file mode 100644
index 00000000..b23402ad
Binary files /dev/null and b/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-sales-rep-members-en.png differ
diff --git a/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-sales-rep-members-zh.png b/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-sales-rep-members-zh.png
new file mode 100644
index 00000000..d07ad314
Binary files /dev/null and b/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-sales-rep-members-zh.png differ
diff --git a/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-sales-rep-order-permissions-en.png b/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-sales-rep-order-permissions-en.png
new file mode 100644
index 00000000..630ebb43
Binary files /dev/null and b/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-sales-rep-order-permissions-en.png differ
diff --git a/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-sales-rep-order-permissions-zh.png b/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-sales-rep-order-permissions-zh.png
new file mode 100644
index 00000000..72230aad
Binary files /dev/null and b/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-sales-rep-order-permissions-zh.png differ
diff --git a/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-sales-rep-view-en.webp b/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-sales-rep-view-en.webp
new file mode 100644
index 00000000..87c8e26e
Binary files /dev/null and b/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-sales-rep-view-en.webp differ
diff --git a/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-sales-rep-view-zh.webp b/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-sales-rep-view-zh.webp
new file mode 100644
index 00000000..7f4d26a6
Binary files /dev/null and b/images/docs/authority-matrix/2026-05-27-authority-matrix-practical-guide-sales-rep-view-zh.webp differ
diff --git a/images/docs/authority-matrix/2026-05-27-authority-matrix-role-detail-en.png b/images/docs/authority-matrix/2026-05-27-authority-matrix-role-detail-en.png
new file mode 100644
index 00000000..702de624
Binary files /dev/null and b/images/docs/authority-matrix/2026-05-27-authority-matrix-role-detail-en.png differ
diff --git a/images/docs/authority-matrix/2026-05-27-authority-matrix-role-detail-zh.png b/images/docs/authority-matrix/2026-05-27-authority-matrix-role-detail-zh.png
new file mode 100644
index 00000000..a6bba011
Binary files /dev/null and b/images/docs/authority-matrix/2026-05-27-authority-matrix-role-detail-zh.png differ
diff --git a/images/docs/authority-matrix/2026-05-27-authority-matrix-role-list-en.png b/images/docs/authority-matrix/2026-05-27-authority-matrix-role-list-en.png
new file mode 100644
index 00000000..2ca4dbb2
Binary files /dev/null and b/images/docs/authority-matrix/2026-05-27-authority-matrix-role-list-en.png differ
diff --git a/images/docs/authority-matrix/2026-05-27-authority-matrix-role-list-zh.png b/images/docs/authority-matrix/2026-05-27-authority-matrix-role-list-zh.png
new file mode 100644
index 00000000..162bf872
Binary files /dev/null and b/images/docs/authority-matrix/2026-05-27-authority-matrix-role-list-zh.png differ
diff --git a/images/docs/authority-matrix/2026-05-27-authority-matrix-table-permissions-en.png b/images/docs/authority-matrix/2026-05-27-authority-matrix-table-permissions-en.png
new file mode 100644
index 00000000..baacac8d
Binary files /dev/null and b/images/docs/authority-matrix/2026-05-27-authority-matrix-table-permissions-en.png differ
diff --git a/images/docs/authority-matrix/2026-05-27-authority-matrix-table-permissions-zh.png b/images/docs/authority-matrix/2026-05-27-authority-matrix-table-permissions-zh.png
new file mode 100644
index 00000000..8a9d1ced
Binary files /dev/null and b/images/docs/authority-matrix/2026-05-27-authority-matrix-table-permissions-zh.png differ
diff --git a/images/staged-sso-preview/2026-05-11-sso-azure-entra-id-2025-12-04-18-02-00.png b/images/docs/sso/2026-05-11-azure-entra-id-add-api-permission.png
similarity index 100%
rename from images/staged-sso-preview/2026-05-11-sso-azure-entra-id-2025-12-04-18-02-00.png
rename to images/docs/sso/2026-05-11-azure-entra-id-add-api-permission.png
diff --git a/images/staged-sso-preview/2026-05-11-sso-azure-entra-id-2025-12-04-18-01-50.png b/images/docs/sso/2026-05-11-azure-entra-id-add-client-secret.png
similarity index 100%
rename from images/staged-sso-preview/2026-05-11-sso-azure-entra-id-2025-12-04-18-01-50.png
rename to images/docs/sso/2026-05-11-azure-entra-id-add-client-secret.png
diff --git a/images/staged-sso-preview/2026-05-11-sso-azure-entra-id-2025-12-04-18-03-39.png b/images/docs/sso/2026-05-11-azure-entra-id-app-registration-entry.png
similarity index 100%
rename from images/staged-sso-preview/2026-05-11-sso-azure-entra-id-2025-12-04-18-03-39.png
rename to images/docs/sso/2026-05-11-azure-entra-id-app-registration-entry.png
diff --git a/images/staged-sso-preview/2026-05-11-sso-azure-entra-id-2025-12-04-18-01-11.png b/images/docs/sso/2026-05-11-azure-entra-id-app-registration-form.png
similarity index 100%
rename from images/staged-sso-preview/2026-05-11-sso-azure-entra-id-2025-12-04-18-01-11.png
rename to images/docs/sso/2026-05-11-azure-entra-id-app-registration-form.png
diff --git a/images/staged-sso-preview/2026-05-11-sso-azure-entra-id-2025-12-04-18-01-27.png b/images/docs/sso/2026-05-11-azure-entra-id-application-client-id.png
similarity index 100%
rename from images/staged-sso-preview/2026-05-11-sso-azure-entra-id-2025-12-04-18-01-27.png
rename to images/docs/sso/2026-05-11-azure-entra-id-application-client-id.png
diff --git a/images/staged-sso-preview/2026-05-11-sso-azure-entra-id-2025-12-04-18-01-44.png b/images/docs/sso/2026-05-11-azure-entra-id-certificates-secrets.png
similarity index 100%
rename from images/staged-sso-preview/2026-05-11-sso-azure-entra-id-2025-12-04-18-01-44.png
rename to images/docs/sso/2026-05-11-azure-entra-id-certificates-secrets.png
diff --git a/images/staged-sso-preview/2026-05-11-sso-azure-entra-id-2025-12-04-18-01-55.png b/images/docs/sso/2026-05-11-azure-entra-id-client-secret-value.png
similarity index 100%
rename from images/staged-sso-preview/2026-05-11-sso-azure-entra-id-2025-12-04-18-01-55.png
rename to images/docs/sso/2026-05-11-azure-entra-id-client-secret-value.png
diff --git a/images/staged-sso-preview/2026-05-11-sso-azure-entra-id-2025-12-04-18-00-20.png b/images/docs/sso/2026-05-11-azure-entra-id-create-provider.png
similarity index 100%
rename from images/staged-sso-preview/2026-05-11-sso-azure-entra-id-2025-12-04-18-00-20.png
rename to images/docs/sso/2026-05-11-azure-entra-id-create-provider.png
diff --git a/images/staged-sso-preview/2026-05-11-sso-azure-entra-id-2025-12-04-18-02-16.png b/images/docs/sso/2026-05-11-azure-entra-id-delegated-permissions.png
similarity index 100%
rename from images/staged-sso-preview/2026-05-11-sso-azure-entra-id-2025-12-04-18-02-16.png
rename to images/docs/sso/2026-05-11-azure-entra-id-delegated-permissions.png
diff --git a/images/staged-sso-preview/2026-05-11-sso-azure-entra-id-2025-12-04-18-34-30.png b/images/docs/sso/2026-05-11-azure-entra-id-login-options.png
similarity index 100%
rename from images/staged-sso-preview/2026-05-11-sso-azure-entra-id-2025-12-04-18-34-30.png
rename to images/docs/sso/2026-05-11-azure-entra-id-login-options.png
diff --git a/images/staged-sso-preview/2026-05-11-sso-azure-entra-id-2025-12-04-18-02-05.png b/images/docs/sso/2026-05-11-azure-entra-id-microsoft-graph-permissions.png
similarity index 100%
rename from images/staged-sso-preview/2026-05-11-sso-azure-entra-id-2025-12-04-18-02-05.png
rename to images/docs/sso/2026-05-11-azure-entra-id-microsoft-graph-permissions.png
diff --git a/images/staged-sso-preview/2026-05-11-sso-azure-entra-id-2025-12-04-18-00-51.png b/images/docs/sso/2026-05-11-azure-entra-id-oauth-endpoints.png
similarity index 100%
rename from images/staged-sso-preview/2026-05-11-sso-azure-entra-id-2025-12-04-18-00-51.png
rename to images/docs/sso/2026-05-11-azure-entra-id-oauth-endpoints.png
diff --git a/images/staged-sso-preview/2026-05-11-sso-azure-entra-id-2025-12-04-18-00-27.png b/images/docs/sso/2026-05-11-azure-entra-id-open-entra-id.png
similarity index 100%
rename from images/staged-sso-preview/2026-05-11-sso-azure-entra-id-2025-12-04-18-00-27.png
rename to images/docs/sso/2026-05-11-azure-entra-id-open-entra-id.png
diff --git a/images/staged-sso-preview/2026-05-11-sso-azure-entra-id-2025-12-04-18-01-19.png b/images/docs/sso/2026-05-11-azure-entra-id-redirect-uri.png
similarity index 100%
rename from images/staged-sso-preview/2026-05-11-sso-azure-entra-id-2025-12-04-18-01-19.png
rename to images/docs/sso/2026-05-11-azure-entra-id-redirect-uri.png
diff --git a/images/staged-sso-preview/2026-05-11-sso-azure-entra-id-2025-12-04-18-01-32.png b/images/docs/sso/2026-05-11-azure-entra-id-teable-client-id.png
similarity index 100%
rename from images/staged-sso-preview/2026-05-11-sso-azure-entra-id-2025-12-04-18-01-32.png
rename to images/docs/sso/2026-05-11-azure-entra-id-teable-client-id.png
diff --git a/images/staged-sso-preview/2026-05-11-sso-feishu-49353a708fc1f1e1.png b/images/docs/sso/2026-05-11-feishu-copy-provider-id-zh.png
similarity index 100%
rename from images/staged-sso-preview/2026-05-11-sso-feishu-49353a708fc1f1e1.png
rename to images/docs/sso/2026-05-11-feishu-copy-provider-id-zh.png
diff --git a/images/staged-sso-preview/2026-05-11-sso-feishu-eafb64024965053a.png b/images/docs/sso/2026-05-11-feishu-create-app-zh.png
similarity index 100%
rename from images/staged-sso-preview/2026-05-11-sso-feishu-eafb64024965053a.png
rename to images/docs/sso/2026-05-11-feishu-create-app-zh.png
diff --git a/images/staged-sso-preview/2026-05-11-sso-feishu-54501614ff7424f1.png b/images/docs/sso/2026-05-11-feishu-login-page-zh.png
similarity index 100%
rename from images/staged-sso-preview/2026-05-11-sso-feishu-54501614ff7424f1.png
rename to images/docs/sso/2026-05-11-feishu-login-page-zh.png
diff --git a/images/staged-sso-preview/2026-05-11-sso-feishu-8f8c41d77bde45a2.png b/images/docs/sso/2026-05-11-feishu-teable-provider-config-zh.png
similarity index 100%
rename from images/staged-sso-preview/2026-05-11-sso-feishu-8f8c41d77bde45a2.png
rename to images/docs/sso/2026-05-11-feishu-teable-provider-config-zh.png
diff --git a/images/staged-sso-preview/2026-05-11-sso-feishu-66f7441d660f2858.png b/images/docs/sso/2026-05-11-feishu-upload-app-icon-zh.png
similarity index 100%
rename from images/staged-sso-preview/2026-05-11-sso-feishu-66f7441d660f2858.png
rename to images/docs/sso/2026-05-11-feishu-upload-app-icon-zh.png
diff --git a/images/staged-sso-preview/2026-05-11-sso-azure-step4-option-2-fit-width.png b/images/staged-sso-preview/2026-05-11-sso-azure-step4-option-2-fit-width.png
deleted file mode 100644
index c611e701..00000000
Binary files a/images/staged-sso-preview/2026-05-11-sso-azure-step4-option-2-fit-width.png and /dev/null differ
diff --git a/zh/basic/ai/overview.mdx b/zh/basic/ai/overview.mdx
index 5f9e64b4..e451bd90 100644
--- a/zh/basic/ai/overview.mdx
+++ b/zh/basic/ai/overview.mdx
@@ -13,20 +13,20 @@ Teable 在整个平台中集成了强大的 AI 能力,帮助您更智能地处
## AI 能力
-
- 使用 AI 驱动的字段自动生成、总结、翻译和提取数据信息。
+
+ 用于数据分析、可视化和创作的上下文感知智能助手。
-
- 将 AI 处理集成到自动化工作流中,实现智能数据处理。
+
+ 利用 AI 将您的数据转化为定制化的网络应用。
编写自定义 AI 驱动的脚本,扩展自动化能力。
-
- 用于数据分析、可视化和创作的上下文感知智能助手。
+
+ 使用 AI 驱动的字段自动生成、总结、翻译和提取数据信息。
-
- 利用 AI 将您的数据转化为定制化的网络应用。
+
+ 将 AI 处理集成到自动化工作流中,实现智能数据处理。
diff --git a/zh/basic/authority-matrix.mdx b/zh/basic/authority-matrix.mdx
index f49a24c1..6c82e1af 100644
--- a/zh/basic/authority-matrix.mdx
+++ b/zh/basic/authority-matrix.mdx
@@ -1,66 +1,92 @@
---
title: "概览"
-description: "允许管理员为团队成员设置细粒度的访问权限。通过这种方式,可以实现对不同数据表、字段和操作的精确控制,确保每个成员只能访问和修改其职责范围内的信息。这不仅提高了团队协作的效率,还增强了数据安全性。"
+description: "在同一个数据库中为不同团队设置访问范围,让成员只看到、修改或导出自己需要的数据。"
---
商业版及以上适用
-## 应用场景示例
+当销售、财务、运营和管理层共用同一个数据库时,权限不只是决定谁能进入数据库,还关系到谁能看哪些数据、改哪些内容,以及是否可以导入或导出。权限矩阵适合把数据集中管理,同时按职责隔离访问范围的团队。
-- 数据录入限制:允许团队成员添加新记录,但限制其修改现有数据
-- 项目管理:确保项目成员只能访问和编辑其负责的项目部分
-- 层级化数据访问:可以灵活组织角色做到企业管理层可查看全部数据,而普通员工仅能访问与其职责相关的信息
+你可以为成员或部门分配自定义角色,让不同角色只访问需要的表格、应用和工作流。对表格,还可以继续限制可见视图、可见记录、可编辑字段,以及导入/导出权限。比如销售只维护自己的客户,财务只查看账单字段,管理层查看完整数据。
-## 操作权限矩阵
+## 适用场景
-空间中具有搭建者权限的用户,可以操作开启权限矩阵。权限矩阵开启后,当前用户自动成为管理员,空间管理者也会成为管理员,所有其他成员会默认被指派为默认角色。
+| 场景 | 示例 |
+| --- | --- |
+| 按部门分配访问范围 | 销售团队可以维护客户记录,财务团队只能查看账单相关字段。 |
+| 按负责人限制记录 | 销售代表只能查看和更新负责人是自己的记录。 |
+| 限制数据录入权限 | 成员可以创建新记录,但不能编辑或删除已有记录。 |
+| 在共享数据库中保护敏感字段 | 成员可以查看订单记录,但看不到支付方式或成本字段。 |
+| 控制应用和工作流入口 | 角色只能打开指定应用或工作流,未授权节点不会显示。 |
-### 创建角色
+## 权限如何生效
-点击界面右上方添加角色按钮,可以开始创建新的角色
+权限矩阵按角色分配访问范围。用户可以通过直接分配的角色或部门角色获得权限。多个角色同时适用时,Teable 会合并这些角色允许的权限。
-
+空间中拥有 **可管理** 权限的用户和权限矩阵管理员,可以管理权限矩阵,也不受权限矩阵限制。
-进入角色设置界面,可以看到当前数据库所有的表。在这里可以对每一张表进行细节的权限设置
+角色列表包含 `管理员` 和 `自定义角色` 两部分:
-
+
-权限包括视图权限,字段权限记录权限,默认状态下,所有的权限都是开放的,你可以进行勾选配置,按照需求限制权限范围。
+点击 `添加角色` 创建自定义角色。进入角色详情后,可以分配协作者、填写角色说明,并为数据库中的每个节点配置访问权限:
-### 视图权限:
+
-- 创建视图
-- 删除视图
-- 更新视图
+## 配置角色访问范围
-### 字段(列)权限
+每个表格、应用和工作流都有独立的访问设置。
-你可以对表格中每一个字段的记录进行权限限制,包括:
+| 节点类型 | 可配置权限 |
+| --- | --- |
+| 表格 | 选择 `可编辑` 或 `无权限`。设置为 `可编辑` 后,可以继续配置表格内的详细权限。 |
+| 应用 | 选择 `可访问` 或 `无权限`,控制这个角色能否打开该应用。 |
+| 工作流 | 选择 `可访问` 或 `无权限`,控制这个角色能否打开该工作流。 |
+| 文件夹 | 文件夹用于展示层级。如果角色不能访问文件夹下的任何节点,该文件夹会自动隐藏。 |
-- 查看字段对应的记录
-- 删除字段对应的记录
-- 更新字段对应的记录
+如果要配置表格内的视图、记录、字段等详细权限,需要先将该表格设置为 `可编辑`。对某个角色来说,处于 `无权限` 状态的表格不会显示。
-### 记录(行)权限
+## 表格权限
-你可以使用筛选条件组,来指定可以查看的记录范围。比如,添加条件选择商品类型等于"零件" 的记录,那么当前角色可查看的记录范围就被限制到“零件”类型的记录。
+当表格设置为 `可编辑` 后,可以继续配置以下权限:
-- 查看记录
-- 删除记录
-- 更新记录
-- 对记录进行评论
-- 复制记录
+| 权限区域 | 控制内容 |
+| --- | --- |
+| 视图权限 | 控制角色能否创建、更新、删除视图,以及可以查看 `所有视图` 还是只能查看 `特定视图`。 |
+| 记录权限 | 控制角色能否创建、更新、删除、评论、复制记录。可见记录可以是 `所有记录`,也可以限制为符合筛选条件的记录。 |
+| 字段权限 | 控制角色能否查看、更新或创建指定字段的值。主字段必须保持可见。 |
+| 导入/导出权限 | 控制角色能否向表格导入数据,或导出表格数据。 |
-
+
-修改完表格权限后,要点击表格名字左边的开关进行启用权限才会生效,如果不启用则默认为无权限。
+记录筛选适合处理按负责人、部门等变化的访问范围。比如设置 `销售负责人` `等于` `当前用户` 后,每位销售只能看到自己的记录。字段权限可以在可访问记录的基础上,继续隐藏或锁定敏感字段值。
+
+## 默认角色
+
+
+
+`默认角色` 只用于未分配任何自定义角色的成员。你可以选择一个已启用的自定义角色,也可以选择 `无权限`,让这类成员不能访问权限矩阵控制下的内容。
## 注意事项
-- 空间内的可管理用户具有管理员权限,可以访问空间中的数据库的所有数据
-- 在权限矩阵开启之后,所有新创建的表默认是无权限,需要进行权限配置后,才能按照角色权限进行访问。
-- 开启权限矩阵的用户将成为当前数据库的管理员,自动化功在开启权限矩阵后仅允许管理员访问
-- 在权限矩阵开启之后,字段(列)本身的创建、编辑、删除权限仅管理员可进行配置
-- 启用权限矩阵后,仅“可管理”权限的用户不受矩阵约束。对于“可管理”以下的权限等级(如“可搭建”及以下),除权限矩阵管理员外,所有成员均受权限矩阵的统一管控。
+- 启用权限矩阵后,空间中低于 `可管理` 的用户都会受到限制,除非被加入权限矩阵管理员。
+- 开启权限矩阵的用户会自动加入 `管理员`。
+- 通过 `添加用户` 分配角色时,已选择但尚未加入当前数据库的成员会被加入为数据库协作者。权限矩阵随后会收窄他们在数据库内的访问范围。
-了解空间和数据库的基础权限级别,请查看[协作权限](/zh/basic/space/space-permission)
+了解 **空间** 和 **数据库** 的基础权限级别,请查看[协作权限](/zh/basic/space/space-permission)。
diff --git a/zh/basic/authority-matrix/authority-matrix-practical-guide.mdx b/zh/basic/authority-matrix/authority-matrix-practical-guide.mdx
index 66b58bc0..1c0e36a8 100644
--- a/zh/basic/authority-matrix/authority-matrix-practical-guide.mdx
+++ b/zh/basic/authority-matrix/authority-matrix-practical-guide.mdx
@@ -1,150 +1,199 @@
---
title: "权限矩阵指南"
+description: "为销售团队配置权限矩阵角色,处理共享数据、按负责人限制记录,以及限制录入权限。"
---
- 权限矩阵是一个强大的工具,它能帮助您像搭积木一样,为团队中的每个角色精确地“搭建”出他们所需的数据访问权限。别担心它看起来复杂,让我们通过一个常见的场景,一步步带您上手。
+这个示例使用一个销售数据库,包含三张表:`客户信息`、`销售订单` 和
+`产品信息`。目标是让每个角色只访问自己需要的数据,而不是开放整个数据库。
-
-> 注意:需要在此启用权限矩阵,权限设置才能生效。
+| 角色 | 权限目标 |
+| --- | --- |
+| 销售总监 | 查看客户和销售数据,可以评论产品,但避免修改产品价格。 |
+| 销售代表 | 只查看和更新自己负责的客户和订单,可以新建客户,但不能删除已成交订单。 |
+| 数据录入员 | 只添加新产品,不能查看已有产品、客户或订单。 |
-## 销售管理场景
+需要先启用权限矩阵,角色权限才会生效。
-在这个场景中,我们有一个销售团队,需要协同管理客户、订单和产品信息。我们希望实现以下目标:
+
-- **销售总监**:可以查看所有客户和销售数据,进行宏观调控,但不能随意修改产品价格。
-- **销售代表**:只能看到和修改自己的客户和订单,可以添加新客户,但不能删除已成交的订单。
-- **数据录入员**:负责上架新产品,但不能修改或删除老产品,也看不到任何客户和订单信息。
+## 创建角色
-### 第一步:准备工作与角色创建
+
+
+ 在数据库中打开权限矩阵页面,开启主开关。开启权限矩阵的用户会被加入管理员。
+
+
+ 点击 `添加角色`,创建 `销售总监`、`销售代表` 和 `数据录入员` 三个角色。
+
+
-1. **开启权限矩阵**:在您的数据库中,找到并开启“权限矩阵”。您和空间管理员将自动成为管理员。
-2. **创建角色**:点击右上角的 `添加角色` 按钮,我们创建三个角色:
- - 销售总监
- - 销售代表
- - 数据录入员
+
-
+## 配置销售总监
-### 第二步:为每个角色配置权限
+销售总监需要较完整的查看权限,但产品价格不应该被误改。
-现在,我们来为每个角色精细地设置权限。我们有三张表:`客户信息`、`销售订单`、`产品信息`。
+| 节点 | 设置 |
+| --- | --- |
+| 客户信息 | 将表格设置为 `可编辑`。保留记录和字段权限,让该角色可以查看客户数据。 |
+| 销售订单 | 将表格设置为 `可编辑`。保留记录和字段权限,让该角色可以查看销售情况。 |
+| 产品信息 | 将表格设置为 `可编辑`,然后在记录权限中只允许 `查看记录` 和 `对记录进行评论`。 |
-#### 1. 配置【销售总监】角色
+
-> 这位是管理者,需要最高级别的查看权限。
+回到角色列表,通过 `添加用户` 或 `从组织添加` 分配成员,并确认该角色开关已启用。
-- **客户信息表** 和 **销售订单表**:
- - **记录权限**:打开表格。不做修改,确保管理者能够拥有所有的数据权限。
-- **产品信息表**:
- - **记录权限**:仅勾选 `更新视图` 和 `对记录进行评论`。这样总监能看到产品信息,但无法修改,防止误操作影响价格。
- - **协作**:同时,总监可以针对有问题的产品提出评论,促进团队沟通与及时反馈,提升整体工作效率。
- - 点击左下角的 `保存` 按钮以使设置生效。
+
-
+配置完成后,销售总监可以查看客户和订单数据,也可以评论产品,但不能修改产品记录。
-> 为角色添加成员
-> 创建角色并配置权限后,点击角色左侧的开关按钮启用该角色,通过 `添加用户` 或 `从组织添加` 按钮,将团队成员分配到对应角色中。
+
-
+## 配置销售代表
-**销售总监视角**:配置完成后,以"销售总监黄小小视角",可以查看所有客户和销售数据,但不能随意修改产品价格。
+销售代表角色使用记录筛选,让每位销售只处理自己负责的记录。
-
+### 客户信息
-#### 2. 配置【销售代表】角色
+将 `客户信息` 设置为 `可编辑`。
-> 这是最核心的设置,确保数据隔离和安全。
+| 权限区域 | 设置 |
+| --- | --- |
+| 记录权限 | 选择符合特定条件的记录,添加类似 `负责销售` `等于` `当前用户` 的筛选条件。 |
+| 记录操作 | 允许 `查看记录`、`更新记录` 和 `创建记录`。如果不希望销售删除客户资料,不要开启 `删除记录`。 |
-- **客户信息表**:
- - **记录权限**:这是关键!添加一条筛选条件:`负责销售` `等于` `当前用户`。
-
- > 动态权限:这意味着销售代表“王大大”登录后,只能看到“负责人”字段是“王大大”的客户。
+
- 
+
- 
+### 销售订单
- - **操作权限**:勾选 `查看记录`、`更新记录`、`创建记录`。可以不勾选 `删除记录`,防止客户资料被误删。
+将 `销售订单` 设置为 `可编辑`。
-- **销售订单表**:
- - **记录权限**:同样添加筛选条件:`销售代表` `等于` `当前用户`。
- - **操作权限**:勾选 `查看记录`、`创建记录`。为了防止已成交订单被修改,可以不勾选 `更新记录` 和 `删除记录`。
- - **字段权限**:我们不希望销售代表看到订单的“支付方式”,可以找到 `支付方式` 这个字段,取消勾选 `查看字段对应的记录` 权限。
- - 点击左下角的 `保存` 按钮以使设置生效。
+| 权限区域 | 设置 |
+| --- | --- |
+| 记录权限 | 使用同样的负责人筛选,例如 `销售代表` `等于` `当前用户`。 |
+| 记录操作 | 允许 `查看记录` 和 `创建记录`。如果已成交订单不能被改动,不要开启 `更新记录` 和 `删除记录`。 |
+| 字段权限 | 对 `支付方式` 等敏感字段关闭 `查看记录`,避免销售代表看到不该看的字段值。 |
- 
+
-> 为角色添加成员
-> 创建角色并配置权限后,点击角色左侧的开关按钮启用该角色,通过 `添加用户` 或 `从组织添加` 按钮,将团队成员分配到对应角色中。
+将销售人员分配到该角色,并确认角色已启用。
-
+
-**销售代表视角**:配置完成后,以"销售代表王大大视角",只能看到和修改自己的客户和订单,可以添加新客户,但不能删除已成交的订单。
+每位销售代表现在只能看到符合负责人筛选条件的客户和订单。
-
+
-#### 3. 配置【产品信息录入员】角色
+## 配置数据录入员
-> 这个角色的权限非常有限,只负责一项工作。
+数据录入员只需要添加产品。
-- **产品信息表**:
- - **记录权限**:只勾选 `创建记录`。
- - 这样,他们只能在 `产品信息表` 里添加新行(录入新产品),但无法看到、修改或删除任何已存在的产品。
- - **字段权限**:我们不希望产品信息录入员看到订单,可以找到 `订单` 这个字段,取消勾选 `查看字段对应的记录` 权限。
-- **客户信息表** 和 **销售订单表**:
- - 保持默认的“无权限”状态,即不启用这两张表的权限开关。他们将完全看不到这两张表。
+| 节点 | 设置 |
+| --- | --- |
+| 产品信息 | 将表格设置为 `可编辑`。在记录权限中只允许 `创建记录`。 |
+| 产品字段 | 如果不希望录入员看到关联订单数据,对 `订单` 关联字段关闭 `查看记录`。 |
+| 客户信息和销售订单 | 保持 `无权限`。 |
-
+
-> 为角色添加成员
-> 创建角色并配置权限后,点击角色左侧的开关按钮启用该角色,通过 `添加用户` 或 `从组织添加` 按钮,将团队成员分配到对应角色中。
+将录入员分配到该角色,并确认角色已启用。
-
+
-**产品信息录入员视角**:配置完成后,以"产品信息录入员郑朗朗视角",负责上架新产品,但不能修改或删除老产品,也看不到任何客户和订单信息。
+配置完成后,数据录入员可以添加新的产品记录,但不能浏览已有产品、客户或订单数据。
-
+
----
+## 销售复盘视角
+
+适合销售复盘:让销售代表看到完整客户列表,但只允许修改自己负责的客户。
+
+复盘时,销售代表可能需要查看所有客户记录,用来对比跟进方式和客户状态。但日常维护仍然应该限制在自己负责的客户范围内,避免误改其他销售的记录。
+
+可以保留原来的 `销售代表` 角色,再新增一个只读角色负责全局查看权限。这样同一个销售可以通过只读角色查看全部客户,通过 `销售代表` 角色更新自己负责的客户。
+
+### 创建只读角色
+
+点击 `添加角色`,创建一个只读角色,比如 `全局客户观察员`。
+
+### 配置客户表访问
+
+将 `客户信息` 设置为 `可编辑`。在记录权限中只允许 `查看记录`,不要开启 `更新记录`、`删除记录` 或 `创建记录`。记录筛选条件保持为空,让这个角色可以查看全部客户记录。
+
+
+
+### 分配销售人员
+
+回到角色列表,将需要复盘视角的销售人员加入 `全局客户观察员`。
+
+
+
+当同一个用户同时拥有 `销售代表` 和 `全局客户观察员` 两个角色时,Teable 会合并权限。这个用户可以查看所有客户记录,但只能更新 `销售代表` 角色允许的、自己负责的记录。
-> 高级玩法:实现销售协作与数据安全并存
->
-> 在标准的权限设置中,我们通常让销售代表只能看到自己的客户。但在实际工作中,团队需要协作和学习。比如,在每周的销售复盘会上,我们希望销售代表能看到所有同事的客户信息以学习经验,但同时必须保证,他们只能编辑和维护自己的客户。
->
-> 以下是如何通过权限矩阵实现这一精细化管理:
->
-> **目标:**
-> - **查看权限**:`销售代表` 角色可以查看所有同事的客户记录。
-> - **修改权限**:`销售代表` 角色只能修改或删除自己名下的客户记录。
->
-> **实现思路:**
-> 这是一个非常巧妙且常用的管理方法:我们不改变现有 `销售代表` 角色的权限,而是创建一个全新的、专门用于“观察”的角色。这需要我们的权限系统支持对【查看】、【更新】、【删除】等不同操作,应用不同的筛选条件。
->
-> **配置步骤:**
->
-> ##### 第一步:创建一个新的“观察员”角色
-> - 在权限矩阵界面,点击右上角的 `添加角色` 按钮,例如命名为 `全局客户观察员`。
->
-> 
->
-> ##### 第二步:为新角色配置只读权限
-> - 点击 `全局客户观察员` 角色进入配置界面。
-> - 找到 `客户信息表`。
-> - **操作权限**:只勾选 `查看记录`。请确保 `更新记录`、`删除记录`、`创建记录` 等所有其他操作权限的复选框都未被勾选。
-> - **记录权限**:不设置任何筛选条件。将筛选条件区域留空,这样就意味着该角色可以查看表中的所有记录。
->
-> 
->
-> ##### 第三步:将“王大大”加入该角色
-> - 回到权限矩阵主界面。
-> - 点击 `全局客户观察员` 角色旁的 `+ 添加用户` 按钮,将销售代表(如“王大大”)加入。
->
-> 
->
-> **最终效果:**
->
-> 配置完成后,当销售代表 “王大大” 登录系统时:
-> - **全局视野**:他打开 `客户信息表`,可以完整地看到公司所有的客户数据,信息一览无余,非常适合做全局复盘和战略分析。
-> - **绝对安全**:当他双击任意一条客户记录时,会发现所有的字段都是“只读”状态(通常显示为灰色或不可编辑)。没有任何“保存”、“修改”或“删除”按钮可以点击。这彻底杜绝了任何误操作的可能,让他可以安心地浏览和展示数据。
->
-> 
+
diff --git a/zh/basic/sso/azure-entra-id.mdx b/zh/basic/sso/azure-entra-id.mdx
index eb5f57a2..3e80ceee 100644
--- a/zh/basic/sso/azure-entra-id.mdx
+++ b/zh/basic/sso/azure-entra-id.mdx
@@ -12,7 +12,7 @@ description: "配置 Azure Entra ID 作为 Teable 的 SSO 认证提供商"
2. 创建新的认证提供商,命名为 **Azure Entra ID** 并选择 **OpenID Connect**
@@ -23,7 +23,7 @@ description: "配置 Azure Entra ID 作为 Teable 的 SSO 认证提供商"
2. 导航至 **Microsoft Entra ID**(原 Azure Active Directory)
@@ -33,7 +33,7 @@ description: "配置 Azure Entra ID 作为 Teable 的 SSO 认证提供商"
使用你的 **租户 ID** 在 Teable 中填写以下 OAuth 端点:
@@ -51,7 +51,7 @@ description: "配置 Azure Entra ID 作为 Teable 的 SSO 认证提供商"
2. 点击 **+ 新注册**
@@ -61,12 +61,12 @@ description: "配置 Azure Entra ID 作为 Teable 的 SSO 认证提供商"
填写应用程序注册表单:
@@ -83,7 +83,7 @@ description: "配置 Azure Entra ID 作为 Teable 的 SSO 认证提供商"
1. 从应用程序概述页面复制**应用程序(客户端)ID**
@@ -91,7 +91,7 @@ description: "配置 Azure Entra ID 作为 Teable 的 SSO 认证提供商"
2. 将客户端 ID 粘贴到 Teable 的 SSO 配置中
@@ -101,7 +101,7 @@ description: "配置 Azure Entra ID 作为 Teable 的 SSO 认证提供商"
1. 在你的应用程序中,点击左侧菜单的**证书和密钥**
@@ -109,7 +109,7 @@ description: "配置 Azure Entra ID 作为 Teable 的 SSO 认证提供商"
2. 点击 **+ 新客户端密钥**
@@ -119,7 +119,7 @@ description: "配置 Azure Entra ID 作为 Teable 的 SSO 认证提供商"
5. **重要**:立即复制密钥的**值**并将其保存为 Teable 中的客户端密钥
@@ -132,12 +132,12 @@ description: "配置 Azure Entra ID 作为 Teable 的 SSO 认证提供商"
2. 点击 **+ 添加权限**
@@ -151,7 +151,7 @@ description: "配置 Azure Entra ID 作为 Teable 的 SSO 认证提供商"
6. 点击**添加权限**
diff --git a/zh/basic/sso/feishu.mdx b/zh/basic/sso/feishu.mdx
index bb3bd651..dc338bcd 100644
--- a/zh/basic/sso/feishu.mdx
+++ b/zh/basic/sso/feishu.mdx
@@ -12,7 +12,7 @@ description: "配置飞书作为 Teable 的 SSO 认证提供商"
3. 创建成功后,获取 **App ID** 和 **App Secret**
@@ -23,13 +23,13 @@ description: "配置飞书作为 Teable 的 SSO 认证提供商"
2. 创建新的认证提供商
3. 填写第一步中获取的 **App ID** 和 **App Secret**
4. 创建完成后,点击复制 **providerId**,稍后配置飞书应用时需要用到
@@ -68,7 +68,7 @@ description: "配置飞书作为 Teable 的 SSO 认证提供商"
1. 点击 **创建版本**
2. 上传应用图标
@@ -85,7 +85,7 @@ description: "配置飞书作为 Teable 的 SSO 认证提供商"
此时登录页面会出现飞书登录按钮,或者直接在飞书工作台点击应用图标进入。
\ No newline at end of file
diff --git a/zh/changelog.mdx b/zh/changelog.mdx
index 52a42da4..00b48ab2 100644
--- a/zh/changelog.mdx
+++ b/zh/changelog.mdx
@@ -81,7 +81,7 @@ rss: true
* 复制统计结果时,成功提示会显示 **“Copied”**,让复制状态更清晰。
-* \*\*针对跨 Space 引用增加限制:\*\*新建或更新 link、lookup、rollup、conditional lookup、conditional rollup 字段时,不再支持新的跨 Space 引用。
+* **针对跨 Space 引用增加限制**:新建或更新 link、lookup、rollup、conditional lookup、conditional rollup 字段时,不再支持新的跨 Space 引用。
* 复制字段、表、Base 或移动 Base 时,如果检测到跨 Space 引用,会提前提示影响范围,并尽量保留可读的引用值。