Security views

Search in book...
Toggle Font Controls
Create new playlist

Name your new playlist

Playlist description (optional)
Sign In

Email address

Password

Forgot Password?

or

Continue with Facebook

Continue with Google
Sign Up

Full Name

Email address

Confirm Email Address

Password

or

Continue with Facebook

Continue with Google

Chapter 7. Dimensional security 149

Grant options

Grant options have the following characteristics:

? The member expression defines the members that users, if granted access to this filter,

are allowed access.

? Ancestors of granted members, if not explicitly granted, are treated as visible ancestors.

All other members are implicitly denied.

? Scope options for Grant:

– Grant members: Only the members that are specified in the member expression are

allowed.

– Grant members and descendants: The members that are specified in the member

expression and all their descendants are allowed.

– Grant members and ancestors: The members that are specified in the member

expression and all their ancestors are allowed.

– Grant members, descendants, and ancestors: The members that are specified in the

member expression, all their ancestors, and all their descendants are allowed.

Deny option

Deny option have the following characteristics:

? The member expression defines the members that users, if granted access to this filter,

are denied access. All other members are implicitly allowed.

? To ensure hierarchies do not become ragged, denying a member also denies all its

descendants.

? Scope option for Deny is deny members and descendants.

7.2.2 Security views

A security view defines a combination of security filters from one or more hierarchies into a

single view of a cube. Measures can also be secured on a security view. If a view contains

two or more filters for a single hierarchy, the set of members to which a user is allowed access

is the difference of the union of the allowed sets and the union of the denied sets.

Consider the following guidelines for views:

? If a user is granted access to multiple views, the consolidated view of the cube is the union

of the allowed sets and the union of denied sets to which each view provides access.

? After a member is explicitly denied through a security filter, accessing it is not possible,

even if the member is explicitly granted access in another filter.

? If security views are defined on the cube, any users who are not assigned to a security

view have no access to the cube.

Notes:

? Most dynamic query set expressions do not include calculated members. However, the

descendants and ascendants flags scope flags include calculated members.

? If errors exist in your dynamic query expression, the hierarchy will have all members

denied and you will be unable to query or explore the metadata of the cube.

? Measures are not secured through security filters. Instead, they are secured on the

security views.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.

Table of Contents for Security views

Create new playlist

Sign In

Sign Up

Table of Contents for
Security views