Relations access control cubes

Relations access control (RAC) cubes enable you to set access permissions at the level of individual cells. For example, with RAC cubes, you can restrict access to specific accounts that are used only by one entity but which must be hidden from other entities. In this case, the RAC cube has two dimensions, Entities and Accounts. Filtering products that are not sold in specific regions is another example of using RAC cubes. In this case, the RAC cube has a Products dimension and a Regions dimension.

Unlike MDAC cubes, RAC cubes have no Roles dimension (#__GRP__). Instead, all dimensions in RAC cubes are used as coordinates for the areas to which to restrict access.

Caution:

If a user has Administer OLAP Database permission, no data access permissions are checked.

Each cell in the RAC cube sets the permissions for a part of a data cube to which the RAC cube has been assigned.

In a similar way to MDAC cubes, RAC cubes provide security at the area level with READ, WRITE, or NONE permissions, but not for a specific role.

If no specific default permission is set for the RAC cube, then the global default permission of the database is used. Unlike MDAC cubes, there is no dedicated global default permission only for RAC cubes.

If several relations access control cubes or several combinations of RAC and MDAC cubes exist, then these cubes are treated subtractively. That is, if, for example, one cube allows reading on a cell and another cube has the NONE permission set on this cell, then the effective permission for this cell is NONE.