Application Roles

Only Application Roles can be exported by the Repository application component export. The Application Roles must meet these requirements:

  • A role with exactly the same name must exist in all models selected for the application component export. For the OLAP Permission Management this means, for example, that element security roles will not be exported. These roles are typically created and used in OLAP Permission Management for the cube access. If a model is not part of the export, it is not checked and no fitting role is required.
  • Built-in roles are not exported and should not be used to ensure content security.

For the Application Roles that are exported, these rules apply:

  • Locking: If an Application Role is locked, name, description, and role definition (permission assignments and rank) of all model roles (Application Studio report catalog, Dashboard Catalog, OLAP Permission Management) are locked and cannot be edited. User and group assignments are never locked and exported with the content.
  • Update behavior: If an Application Role with the same name is already given, only name, description, and definition (permission assignments and rank) are overwritten. The user and group assignments that belong to the content are not overwritten.
Parent topic: Repository application component export for a BI Services environment