With Roles you will be able to control end users’ access to the source data. You may grant or deny access to any level of your source data: On the Data Warehouse level, on cube level, on measure and dimension level and even on the very granular dimension attribute and hierarchy level.
A user or a group may be member of multiple Roles, and it is the cumulative effect of these roles that determines whether a user is permitted to work with certain source data or not.
There are three modes of permissions:
- Allow in this role. The current role grants access to the source data.
- If the user is part of this role only, he will have access to the source data.
- If the user is part of another role where permission is set to None in this role, he will have access to the source data.
- If the user is part of another role where permission is set to Deny in all roles, he will not have access to the source data.
- None in this role. The current role does not grant access to the source data. Neither does it deny access to the source data if the user has been granted access in a different role.
- If the user is part of this role only, he will not have access to the source data.
- If the user is part of another role where permission is set to Allow in this role, he will have access to the source data.
- Deny in all roles. The current role denies access to the source data, no matter what other permissions the user may have in other roles.
- Furthermore, you may work with a Default Child Permission on each node which determines the permission to any new children that are subsequently added to the node. By default, children will inherit their parent’s permission, but may also set to default to None, Allow or Deny.
Comments
Please sign in to leave a comment.