Access control
OLAP Server provides extensive access security. You can prevent users from accessing specific cubes within a database and prevent them from seeing particular elements within a specified dimension. Or, you can prevent a user from changing dimensions and cube rules.
There are two levels of access permission for OLAP databases. Global access permissions enable access to the database and control the ability of users to manipulate the database structure. Data access permissions limit the ability of users to see and change data in cubes.
Data access permissions are stored as values in access cubes. Access cubes grant access permissions for each role. All access cubes contain a roles dimension (_GRP). There are these types of access cube:
- TABACC
Cube access control. Stores permissions for each cube. The cube has a dimension that lists the cubes of the database. All OLAP databases contain a TABACC cube.
- DAC
Dimension access control. Controls access to the elements of a dimension. The cube contains the dimension to be secured. DACs are manually created.
- MDAC
Multi dimension data access control. Controls access to individual cells of a cube. MDACs are manually created.
You can assign these permissions:
Permission | Value in database |
---|---|
No access | 0 |
Read access | 1 |
Write access | 2 |
Default
The default is configured in the database and can be Read, Write, or None. |
empty |
Pass No access (DAC only) | 8 |
Pass Read access (DAC only) | 9 |
Pass Write access (DAC only) | 10 |
Passed permissions have these values in the database:
Passed permission | Value |
---|---|
None | 16 |
Read | 17 |
Write | 18 |
In a DAC, if you apply a Pass permission to an element that has child elements, then the child elements inherit the permission. The permission is inherited all the way down the hierarchy until another permission is encountered.