Managing cell-level access permissions

To streamline permission management within a model, you can manage multidimensional and relations access permissions at the cell level on MDAC and RAC cubes' Properties and Permissions tabs in OLAP Modeling.

MDAC and RAC cubes' Properties tab

Depending on a cube variant, a cube's properties are displayed in a read-only or editable mode.

For simple MDAC cubes, the name, caption, and description are read-only and a precreated data table is offered for populating the cube.

For advanced MDAC cubes and RAC cubes, the name is read-only but you can edit default and localized captions and descriptions. An Error icon is displayed if you exceed the character limit.

On the Properties tab, you can perform these actions:

  • Set the default permission. Default permissions are stored in the DEPM_MOD_CUBE table. The default setting applies to all cells as an initial state. For example, if most cells should be read-only and only some editable, set the default setting to Read. In this way, you only have to manually adjust the exceptions, rather than configure each cell individually.
  • Enable the Use Data Table option and select one of available permissions tables or create a table. If the selected table is invalid or missing, the table is displayed with an Error icon and appropriately labeled tooltip.
  • Enable the transaction log or Changelog, or both.

MDAC and RAC cubes' Permissions tab

The Permissions grid on the Permissions tab shows the last two dimensions of a cube that are displayed in a row and column, respectively. The grid cells show permission values such as Default, None, Read, and Write.

Note: If you assigned the default permission on the Properties tab, that permission is used for all cells that have not been assigned another permission in the Permissions grid.

Permission values are stored in a linked data table. The data table is linked from the Properties tab. The assignment is stored in the DEPM_MOD_FACTTABLE table. For a simple MDAC cube, the assignment is stored in the DEPM_MOD_MDACTABLE table. Modifications are published to the MDAC or RAC cube. The linked table is a single point of truth for permission values. When a data table is linked, any permission values that were added directly to the RAC or MDAC cube are lost. This is because the cube is purged before publishing values from the linked table.

Note: To avoid issues with missing data or an invalid Permissions table, ensure that a valid data table is linked on the Properties tab. Ensure that only one table with permission values is mapped to an access cube. If multiple tables are mapped to the same access cube, only the table with the highest order value is relevant.

Use the collapsible Filters panel to refine the grid view based on selected dimension values. The Filters panel shows the default hierarchy for dimensions. The three-dot icon next to the dimension's name provides additional actions such as selecting elements or swapping dimensions with a dimension from the grid.