The following sample access grant definition (called Foodmart Grant and found in the repository at /analysis/schemas) is used with the Foodmart Mondrian connection, (found in the repository at /analysis/connections):
This schema defines access permissions for a role called StateManager. In this example, the SchemaGrant element defines none as the default access for all objects in the schema. Users with the StateManager role cannot access anything, unless a lower level grant overrides the default.
The cube attribute has the value Sales, so the definition is for the Sales cube. The access attribute has the value all. This gives users with this role access to the entire Sales cube. Again, lower level grants can override this one.
HierarchyGrant elements define access to the Store, Customers, and Gender hierarchies. Users with this role cannot see any of the gender hierarchy. The other two HierarchyGrant elements define custom access to the Store and Customers hierarchies.
The member grants in this example use substitution variables like %{State} to represent substitutions from the profile attribute table. These particularize the grant to the specific user associated with the StateManager role. For example, suppose user John has StateManager as one of his roles. Also suppose that the profile attribute table has a row in which the values of the columns attribute and values are State, and CA,OR,WA. If you create a view for John, the line:
<MemberGrant member="[Customers].[uSA].[%{State}]"
access="all"/>
in the above example is interpreted to mean:
<MemberGrant member="[Customers].[uSA].[CA,OR,WA]"
access="all"/>
Recommended Comments
There are no comments to display.