Access cubes
There are two levels of access permission for OLAP databases. Global access permissions enable access to the database and control the ability of users to manipulate the database structure. Data access permissions limit the ability of users to see and change data in cubes.
Data access permissions are stored as values in access cubes. Access cubes grant access permissions for each role. All access cubes contain a roles dimension (_GRP). There are these types of access cube:
- #_TABACC
Cube access control. Stores permissions for each cube. The cube has a dimension that lists the cubes of the database. All OLAP databases contain a #_TABACC cube.
- DAC
Dimension access control. Controls access to the elements of a dimension. The cube contains the dimension to be secured. DACs are manually created.
- MDAC
Multidimensional data access control. Controls access to individual cells of a cube. MDACs are manually created.
You can assign these permissions:
Permission | Value in database |
---|---|
No access | 0 |
Read access | 1 |
Write access | 2 |
Default The default is configured in the Database Settings dashboard and can be Read, Write, or None. |
empty |
Pass No access (DAC only) | 8 |
Pass Read access (DAC only) | 9 |
Pass Write access (DAC only) | 10 |
Passed permissions have these values in the database:
Passed permission | Value |
---|---|
None | 16 |
Read | 17 |
Write | 18 |
In a DAC, if you apply a Pass permission to an element that has child elements, then the child elements inherit the permission. The permission is inherited all the way down the hierarchy until another permission is encountered.