Access Rights for Databases (Level 2)

The #_GROUP_DATABASE_DATA cube serves to grant or to restrict group access to database objects. This cube is automatically created in the System database. Below is a screenshot of this cube:

The default value for empty cells is D.

Only users who belong to the admin group are allowed to view or edit this cube. The rights defined for any database in this cube cannot be overridden for specific objects (e.g. cube cells) within that database. For example, if a group is only granted R access to the Demo database, users belonging only to this group will not be able to modify any contents inside the Demo database, regardless of any higher rights that may be defined for the group within that database itself.

The dimension #_DATABASE_ is updated automatically by the OLAP Server whenever a new database is created. The cube #_GROUP_DATABASE_DATA can contain values like any other right cube, i.e., N, R, W, D.

With an entry in palo.ini you can change the default value, For example, to change the default value to N, enter

Copy
default-db-right N

The result will be that no user of any group (except for the admin group) is able to see an element of dimension #_Database_ unless a higher right is explicitly granted to his group in the view above.

Note: Access to the System database is managed in the OLAP right object called "rights". If you only grant N access on this right object to a specific role, the members of this role will not be able to see the contents in the System database. For more information, see Rights Objects in Jedox.

Related links:

Updated September 27, 2022