Example 2: OLAP permissions in application roles
In OLAP, application roles are used
to manage permissions that are the same between all people of a certain business role. For
example, cube permissions or permissions such as Can
write to BUDGET
can be defined using application roles.
For example, you have an OLAP Permission Management role that is named Sales in Infor BI 11.0. In the TABACC cube, the Sales role is defined to see the Sales and Pipeline cubes.
To migrate existing OLAP permissions for application roles:
- In the target application, create a new application role with the name Sales with global permissions for OLAP.
- Define the needed global and object permissions for the application role.
- Migrate the OLAP database to the application.
When starting the OLAP database, the application and data roles are synchronized with the _GRP dimension of the OLAP database. Because the Sales role is available in the target application, the permissions for the Sales role element in the TABACC access cube are not removed.
OLAP data permissions are handled in access cubes, as values in cells of the cube. Each access cube has a _GRP dimension that automatically synchronizes with the application and data roles. If a role is not there, the element is deleted from the _GRP dimension and the values for the GRP element are lost.