Securing content with application roles, example

In this example, you provide access to different data, to different users, within a single report. The Region 1 user can see only data for Africa, and the Region 2 user can see only data for Asia.

  1. Select Dashboards > User and Permission Management > Application Roles.
  2. Select the Samples application and create an application role called SalesManager. Give the role View Application, View Dashboard, View OLAP, and View Report application permissions.
  3. Select Dashboards > OLAP > Data Roles. Select the Samples application and create roles called Region 1 and Region 2.
  4. Select Dashboards > OLAP > Edit Database and select the Samples database. Expand the Dimensions node and select the Region dimension.
  5. In the Security pane of the Properties tab, select Enable Dimension Access Control and click Create New Cube.
    By default, the name and caption of the cube are #REGION. Click Create and then click Save
  6. Select Dashboards > OLAP > Manage Permissions. Select Samples as the data source and #REGION as the access cube.
  7. Click Grid Click Mode and select Pass No Access.
  8. Click the user icon in every row of the SalesManager column.
    This ensures that, on its own, the SalesManager role has no access to any region's data.
  9. Click Grid Click Mode and select Read Access.
  10. Click the user icons at the intersection of the Region 1 column and the Africa row and at the intersection of the Region 2 column and the Asia row.
  11. Apply Pass No Access to all remaining rows of the Region 1 and Region 2 columns.
    Note: Removing permissions from other roles is equally important as giving the required permissions to the Region 1 and Region 2 roles.
  12. Select Dashboards > User and Permission Management > Users and User Groups.
  13. Create Basic users called SalesManagerAfrica and SalesManagerAsia.
  14. In the Application Roles widget, select Samples. Assign SalesManagerAfrica and SalesManagerAsia the SalesManager application role.
  15. In the OLAP Data Roles widget, assign the Region 1 role to SalesManagerAfrica and the Region 2 role to SalesManagerAsia.
  16. In Application Studio, sign in to the Samples application and create a report called Regions. Drop the Region dimension of the Analysis cube into the report to create a hyperblock. Check in the report and its parent folder.
  17. Sign in to Dashboards as SalesManagerAfrica and open the Samples application.
  18. Open the Regions report from the Samples data connection.
    Only the Africa element is displayed in the report.