In granting the Dimensions, Cubes and Slices Security Rights we restrict a user’s access by granting them different Access Levels. Listed below are the different Access Privileges that we can grant a user.
Access Privileges for Dimensions, Cubes and Slices Meta Security
A. READ Privilege:
|
Access Level: READ |
|
Dimension |
Cube |
Slice |
Can see the dimension |
Can see the cube |
Can see the slice |
Can see its members |
Can create a slice |
Slice opens read-only; cannot edit |
Can see its hierarchy |
Can access data locks |
Cannot rename or delete the slice |
Can see its alias groups |
Cannot see its formulas |
Cannot rename or delete the slice |
Can see its subsets |
Cannot see its metadata security properties |
Cannot see its metadata security properties |
Cannot see its metadata security properties |
Cannot see its fact data security definitions |
Cannot save slice metadata edits |
Cannot rename or delete the dimension |
Cannot rename or delete cube |
|
|
|
|
B. ADD Privilege:
|
Access Level: ADD |
|
Dimension |
Cube |
Slice |
Can see the dimension |
Can see the cube |
Can see the slice |
Can see its members |
Can create a slice |
Slice opens editable |
Can add members |
Can access data locks |
Cannot rename or delete the slice |
Can rename and delete newly added members* |
Cannot see its formulas |
Cannot see its metadata security properties |
Can see its hierarchy |
Cannot see its metadata security properties |
Cannot save slice metadata edits |
Can add members to root of the hierarchy only |
Cannot see its fact data security definitions |
|
Can see its alias groups |
Cannot rename or delete cube |
|
Can add alias groups |
|
|
Can add aliases |
|
|
Can see its subsets |
|
|
Cannot see its metadata security properties |
|
|
Cannot rename or delete the dimension |
|
|
Cannot rename or delete existing members |
|
|
Cannot modify aggregates |
|
|
|
|
|
C. DESIGN Privilege:
|
Access Level: DESIGN |
|
Dimension |
Cube |
Slice |
Full Privileges |
Full Privileges |
Full Privileges |
|
|
|
Access Privileges for Cubes Fact Security
a. Read
- The user has the ability to read data contained in the security range.
b. Write
- The user has the ability to write the data in the security range.
c. Reserve
- The user has the ability to temporarily reserve all of the data in the
range. This allows the user to change the data in the range, but prevents
all other users from changing the data.
d. Lock
- The user has the ability to temporarily lock all of the detail level
data in the security range.
e. Commit
- The user has the ability to create an irrevocable lock for the security
range.
Notes
An Administrator of the Cube will always have Full Database Privileges.