Grant a permission, a filter or a stored calculation to a user or a group.
At each level (system, application or database) existing roles are replaced. However, the built-in privileges create_user and create_application are not replaced.
After granting a permission to a user or group, it can be revoked by subsequently granting no_access. However, to prevent users from being able to load the application, you should also grant no_access at the application level.
There may be only one filter per user per database. Therefore, granting a filter replaces any filters the user may already have on that database.
After granting permissions using a filter, the filter permission can be revoked by subsequently granting no_access to the database. However, to prevent users from being able to load the application, you should also grant no_access at the application level.
A user or group may have any number of calculations per database. Therefore, granting a calculation adds it to the user or group's list of calculations. Grant execute any gives the user or group permission to execute all calculations, including the default calculation.
After granting execute permission, the permission can be revoked by subsequently granting no_access to the database. However, to prevent users from being able to load the application, you should also grant no_access at the application level.
grant no_access to NewGroup;
grant supervisor to Fiona;
grant designer on application Sample to Fiona;
grant read on database Sample.basic to Fiona;
grant filter Sample.basic.filter8 to Fiona;
You can grant permissions to users and groups in the following ways using grant.
Key Phrase | Explanation |
---|---|
create_application to... | Grant Create/Delete Applications permission to a user or group. |
create_user to... | Grant Create/Delete Users/Groups permission to a user or group. |
no_access to... | Revoke any permissions the user or group may have. |
supervisor to... | Grant Supervisor permission to a user or group. |
no_access on application...to... | Revoke any permissions the user or group may have on the specified application. |
designer on application...to... | Grant Application Designer permission to a user or group for the specified application. |
no_access on database...to... | Revoke any permissions the user or group may have on the specified database. |
read on database...to... | Grant Read permission to a user or group for the specified database. |
write on database...to... | Grant Write permission to a user or group for the specified database. |
designer on database...to... | Grant Database Designer permission to a user or group for the specified database. |
filter <filter-name> to... | Assign a filter to a user or group that grants or denies permissions to the specified database at a data-value level of detail. |
execute <calc-name> to... | Grant the user or group permission to run the specified stored calculation script. |
execute any on system to... | Grant the user or group permission to run any calculation against any database on the Analytic Server. |
execute any on application...to... | Grant the user or group permission to run any calculation against any databases in the specified application. |
execute any on database...to... | Grant the user or group permission to run any calculation against the specified database. |
execute default on system to... | Grant the user or group permission to run the default calculation against any database on the Analytic Server. |
execute default on application...to... | Grant the user or group permission to run the default calculation against any databases in the specified application. |
execute default on database...to... | Grant the user or group permission to run the default calculation against the specified database. The default calculation is typically 'CALC ALL;', but it can be changed using alter application set default calculation. |
©2004 Hyperion Solutions Corporation. All Rights Reserved. http://www.hyperion.com |