Access cubes

OLAP provides extensive access security. You can prevent users from accessing specific cubes within a database and prevent them from seeing particular elements within a specified dimension. Or, you can prevent a user from changing dimensions and cube rules.

There are two levels of access permission for OLAP databases. Global access permissions enable access to the database and control the ability of users to manipulate the database structure. Data access permissions limit the ability of users to see and change data in cubes.

Note: If a user is a member of the AdministratorRole role, then permissions are not checked.

Data access permissions are stored as values in access cubes. Access cubes grant access permissions for each role. All access cubes contain a roles dimension (_GRP). There are these types of access cube:

  • #_TABACC

    Cube access control. Stores permissions for each cube. The cube has a dimension that lists the cubes of the database. All OLAP databases contain a #_TABACC cube.

  • DAC

    Dimension access control. Controls access to the elements of a dimension. The cube contains the dimension to be secured. DACs are manually created.

  • MDAC

    Multidimensional data access control. Controls access to individual cells of a cube. MDACs are manually created.

You can assign these permissions:

Permission Value in database
No access 0
Read access 1
Write access 2
Default

The default is configured in the Database Settings dashboard and can be Read, Write, or None.

empty
Pass No access (DAC only) 8
Pass Read access (DAC only) 9
Pass Write access (DAC only) 10

Passed permissions have these values in the database:

Passed permission Value
None 16
Read 17
Write 18

In a DAC, if you apply a Pass permission to an element that has child elements, then the child elements inherit the permission. The permission is inherited all the way down the hierarchy until another permission is encountered.