 |
|
| OLAP Member-Level Permissions |
About OLAP Member-Level Permissions
OLAP member-level permissions enable you to limit access to SAS OLAP data by using filters. Each filter consists of an MDX expression that subsets the data in a dimension as appropriate for a particular user or group. The filters are stored in the metadata as permission conditions. This feature relies on the SAS OLAP Server for enforcement. At query time, the server performs the filtering to determine which dimension members should be returned to each requesting user. The server leverages its knowledge to accomplish the filtering efficiently. This also ensures that the filters are applied every time the data is accessed.
When you use OLAP member-level permissions, it is essential to understand these points:
-
With OLAP data, permission conditions can be specified only on dimension objects.
-
The SECURITY_SUBSET option can affect results. See the discussion of this option in the topic "Cube Security" in the SAS OLAP Server: User's Guide.
-
The members that are returned by the MDX expression must all belong to the dimension on which the permission condition is defined. The returned set of members cannot be a union of members from other dimensions.
-
A permission condition that filters a non-default hierarchy must include at least one member of the default hierarchy. If a requesting user does not have access to any members in the default hierarchy, then the query fails with a permissions error.
See Also
|
SAS OLAP Server: MDX Guide | |
|
SAS OLAP Server: User's Guide |
|
|
Copyright © 2011 by SAS Institute Inc., Cary, NC, USA. All rights reserved.