Managing Security & Permissions
Column-based Access Rights (Column Access Permission) Dimension / Measure column-based security can be applied for all the cubes. Column Access Permission is granting or restricting access to cube dimension columns or measure columns. All the subordinate objects of a dimension, including hierarchies’ levels and members, are also secured. Column Access permissions are applied at the cube level. These are implemented by giving or limiting access to cube dimensions and measures. Example: A sales manager can view the profits made by the sales representatives. Sales representatives can only view the sales targets assigned to them. Dimension Value–based Access Rights (Data Access Permissions) Data value security is restricting data being retrieved by or viewed by the user. Data value security is applied at the cube level. This is implemented using an expression defined at the cube level with User/Groups permissions. Example: Regional Executives can see only the GrossSales achieved in their assigned territories. A Country Manager can see the overall GrossSales as reported by various sales representatives.