This function allows you to define the database security profiles. There are two fundamental types of privileges that can be set:
privileges on database design: you can allow or deny access to some database design functions.
privileges on data access: you can define which InfoCubes can be viewed and how (read-only or read/write mode) and restrict access to a portion of the InfoCube by defining which entity members the profile is authorized to view.
To access the security profiles click the Security icon located in the System tab of the ribbon bar.
then select the Database Security tab as shown
Select the database name from the drop-down list. The existing profiles are listed in the left window.
Click on a profile to view its definition or click on Add Db Profile to create a new one.
To set privileges, configure the following parameters
Security system. Defines the access rights to the create or modify a database security profile.
Access mode.
Data Selection. Allows to define a filter to restrict access to a sub-set of the InfoCubes data. Using this function you can for example restrict access to a Region area or to a set of Cost centers or another selection of entity members of the database. When users with this profile run an analysis, they are automatically filtered to the data within the authorized selection.
Click Set to set a selection filter or click Reset to remove the selection filter.
Customer selection script. Allows to define a selection filter, as above, but using a scripting command. For example, it is possible to define the filter City=London to restrict the profile to select the item London of the entity City. The general syntax of the script is
Select Entity_name = list of members , where the entity members are separated by the comma character.
Note that it is possible to define a dynamic selection in the script. A Dynamic Selection on a security profile is a function which allows to create a parametric selection on an entity, based on the user's log-on name. The function creates a Select by matching the user's username to a chosen entity of the database. The username is searched in the description field of the chosen entity. This feature allows to create a single security profile for all users having identical privileges differing only in the data range which can be viewed. For example, suppose you need to create security profiles for area managers, giving each area manager access to its own data only. In the Board database, you need to create an entity containing the names of the area managers (for example named Area Manager), then you create a single security profile, AREAMGR, which uses the dynamic selection on the Area Manager entity. When a user which is associated to the AREAMGR profile logs-on, its security profile will dynamically inherit a selection on the Area Manager entity item corresponding to its own username therefore all InfoCubes having a dimension linked to the Area Manager entity will be filtered on that item.
To define a dynamic selection on the entity AreaManager type:
Select AreaManager=@user
InfoCubes list. Defines the access rights for each infocube.