Database security profiles concepts

This function allows you to define the database security profiles. There are two fundamental types of privileges that can be set:

 

To access the security profiles click the Security icon located in the System tab of the ribbon bar.

Security_Tab.png

 

then select the Database Security tab as shown

DB_Security.png

 

Select the database name from the drop-down list. The existing profiles are listed in the left window.

Click on a profile to view its definition or click on Add Db Profile to create a new one.

To set privileges, configure the following parameters

 

Security system. Defines the access rights to the create or modify a database security profile.

 

Access mode.

 

Data Selection. Allows to define a filter to restrict access to a sub-set of the InfoCubes data. Using this function you can for example restrict access to a Region area or to a set of Cost centers or another selection of entity members of the database. When users with this profile run an analysis, they are automatically filtered to the data within the authorized selection.

Click Set to set a selection filter or click Reset to remove the selection filter.

 

Customer selection script. Allows to define a selection filter, as above, but using a scripting command. For example, it is possible to define the filter City=London to restrict the profile to select the item London of the entity City. The general syntax of the script is

Select Entity_name = list of members , where the entity members are separated by the comma character.

Note that it is possible to define a dynamic selection in the script. A Dynamic Selection on a security profile is a function which allows to create a parametric selection on an entity, based on the user's log-on name. The function creates a Select by matching the user's username to a chosen entity of the database. The username is searched in the description field of the chosen entity. This feature allows to create a single security profile for all users having identical privileges differing only in the data range which can be viewed. For example, suppose you need to create security profiles for area managers, giving each area manager access to its own data only. In the Board database, you need to create an entity containing the names of the area managers (for example named Area Manager), then you create a single security profile, AREAMGR, which uses the dynamic selection on the Area Manager entity. When a user which is associated to the AREAMGR profile logs-on, its security profile will dynamically inherit a selection on the Area Manager entity item corresponding to its own username therefore all InfoCubes having a dimension linked to the Area Manager entity will be filtered on that item.

To define a dynamic selection on the entity AreaManager type:

Select AreaManager=@user

 

InfoCubes list. Defines the access rights for each infocube.