May 2025 - Dashboard Release Notes

Following on from previous CSS styling changes delivered in out April 25 release, further improvements have been added specifically around Buttons, Category Objects and Charts and several other components.

New styles have been added for:

• Category Objects Panel: Buttons such as Add, Remove, Apply, Cancel, Pin

• Category List Panel: Includes updated styles for finding active categories and pinning items buttons

• Date Range Popup: Quick selection buttons now respond visually to user interaction for better usability

• Chart Editor: Fully styled buttons for actions like Add, Remove, Sort, and Close only applied to the items in the chart editor

• Generic Buttons: Global buttons button for actions like Add, Remove, Sort, and Close applied to all the components in the dashboard (unless overridden by e.g. chart editor level btn styling)

All the CSS classes related to Category Objects has been added to its own ‘Category Object’ panel:

Open

A comprehensive list of the CSS classes available can be found under our https://panintelligence.atlassian.net/wiki/spaces/PD/pages/293634107 page. All recent changes made in the April 25 and May 25 releases have been reflected on the following pages too;

• https://panintelligence.atlassian.net/wiki/spaces/PD/pages/198311964

• https://panintelligence.atlassian.net/wiki/spaces/PD/pages/198213682

• https://panintelligence.atlassian.net/wiki/spaces/PD/pages/198344716

• https://panintelligence.atlassian.net/wiki/spaces/PD/pages/2335145992

There are two aspects to this update both of which relate to retaining the selected value(s) in lower Category Objects if they still apply after updating the value(s) of higher Category Objects. This requires fetching the available values for this Object from the database which obviously comes with increased load times.

This performance cost was already being paid for certain Category Object types (e.g. Checkboxes) and configurations (e.g. Droplist without ‘Select All’), so for those the new behaviour of retaining selected values if still applicable will happen by default with no additional configuration being required.

For Category Objects that currently do not make this database call, a new option has been added to their configuration labelled ‘Fetch Db Values’ that will enable this behaviour. Please note, this checkbox does not take in to account the rest of the configuration to determine if it ‘needs’ to contact the database it will just always do so. This means that when this option is checked, even if you have configured the Category Object as ‘Exclude From Cascade’ or it is currently its ‘Default Value’ or ‘Select All’ there will still be a performance hit.

Open

A new feature has been introduced to the dashboard, enabling the assignment of a User as an Organisation Super Admin for a specific organisation. This new option grants the user full access to all content within that organisation, without the need for individual permissions for categories, users, or other restricted data.

Organisation Super Admin is distinct from the Super Administrator that has full access across all organisations or Org Admin that manages lower level organisations.

To support this, new checkboxes have been added to the UI, allowing you to designate a user as an Organisation Super Admin. This can be done from the Users panel for both “Users” and “Subscriptions” or by updating the orgSuperField via the API.

UI:

Open

A few restrictions for designating another user as an Organisation Super Admin apply:

• This role can only be assigned to users with the ADMIN User Type.

• To grant this role to someone else, you must be a Super Admin, Org Admin, or Org Super Admin yourself.

• A Super Admin can assign this super power to all Admin users across all organisations.

• An Org Admin can assign it to Admin users within the lower-level organisations they manage.

• An Org Super Admin can only assign this to other Admin users within their current organisation.

• Org Super Admin can only be applied to users at their owner organisation or at lower level organisations - no higher level subscriptions. If the Org Super Admin setting is forced to be true at a higher level org than a user’s owner org in the database, access will still be blocked.

The Org Super Admin user will have access to everything within the scope of the organisation(s) it is set as Org Super Admin in, exactly as the root Super Admin would. This includes: Charts, Categories, API Requests, Users inc. Restrictions & Variables + User Sync, Roles inc. Restrictions & Variables, Organisation Variables (no global), Themes (no global), Organisation Settings, User Access, Category Access, Schedules, Reports, Data Connections, Category Objects, all Import/Exports, all Filters (Charts, Category, Temporary, Report), and Data Connections & everything within them.

The Org Super Admin will see a single organisation tab for the organisation that they are in that they can edit. The Org Super Admin does not have the ability to edit & apply subscriptions. All features are manageable through the API.

This release addresses a long-standing issue with session handling in multi-tenant environments. We have introduced a more robust mechanism for managing Cookies, allowing for improved support of multiple concurrent sessions across different browser tabs.

Session Token Handling
The session token is now stored in a Cookie rather than in session data. The Cookie is created during login, and securely invalidated on logout which prevents stale or invalid tokens from persisting in the browser. The implementation follows best security practices, with cookie security and configuration options derived from the dashboard configuration settings (i.e., dashboard.json).

Cookie Naming Strategy
The name of the cookie is determined dynamically based on the following priority:

1. The cookieName query parameter in the URL

2. The sessionCookieName defined in Tomcat settings

3. A default format: DASHBOARDSESSIONID${appPort}

Dynamic Cookie Name via URL
A new feature allows setting a dynamic cookie name using the cookieName query parameter in the login URL.

This enables multiple users to log in to separate accounts in the same browser without requiring incognito mode. Once cookieName=value is added to the URL as a query parameter and the user attempts to log in, a new cookie will be created to store the token.
For example:

• http://localhost:8224/pi?cookieName=bob (User A)

• http://localhost:8224/pi?cookieName=mary (User B)

Each login session uses its own uniquely named cookie with a token, ensuring isolation and independent session handling.

Resolved issues where:

• Additional Data would be shown in place of the desired Data Column when added to a Rotated Table

• In some complex SQL scenarios, it is possible for data referenced dimensions to not be included in the group by automatically, but instead require the ‘missing’ dimension to be added as Additional Data. For Rotated Tables, this functionality was not working and the SQL error would persist

• Additional Data appearing in exports of Rotated Tables

Report layouts that had sections without any chart in, could sometimes fail to import/export successfully where an image was present (not in the Header or Footer), instead returning a 500 error.

Addressed an issue where Users with a special characters in their name caused issues with some input fields.

Addressed the calculation for the CURRENT_FINANCIAL_MONTH and CURRENT_FINANCIAL_MONTH_SHORT_NUMBER Magic Variables, whereby it would return an incorrect values for dates like May 29–31, when the financial year started in April. The logic now correctly manages month transitions by accounting for differing month lengths.

Addressed an issue whereby users on our legacy Lite User type were being incorrectly counted as a normal user within licence counts.

Resolved an issue where users that were no longer enabled but still had active subscriptions would be erroneously counted as part of the Licence Summary displayed to the Super Admin.

Tomcat has been upgraded to V9.0.102 to ensure that the latest security improvements are in place.

The back button on the multi-factor auth screen was showing an error when used, this has been resolved.

Added

Added fetch_db_values column to mis_category_objects table

fetch_db_values to mis_category_objects table

#2999

35391