OLAP Server User Guide
Configuring icCube
Running icCube
Migrating icCube
Security
Creating Schemas/Cubes
Working with icCube
Reporting Tools Integration
Embedding icCube
Plugins/Extensions
HOWTO
Web Reporting
Web App Integration
Installation
Local Settings
Displaying a Report
Visualization Library
Tutorials
Demos
MDX Documentation
MDX Tutorial (Gentle Introduction)
MDX Functions Reference
MDX Language Reference
MDX OO Extensions
JAVA Integration
R Integration
Reference
icCube Client Library
XMLA Client Library

Access Rights

In icCube access rights allows to authorize and/or deny access to several resources : application features, schemas/cubes, dimensions, members, cells, etc... They are defined by roles. Users can then be attached one or more roles. Upon login, users can decide to use their default role (the first in their list of role) or specify a role using the syntax username/rolename in the login window.

Roles are configured using the monitoring/roles application in the WEB user interface.

Applications

It is possible to authorize and deny access to several applications (or features) of WEB interface. The same way, access to both the XMLA and Google visualization network interfaces can be restricted.

Schemas

The highest level of authorization is at schema level. Schemas can authorized and denied. You can as well define there the default access mode for the cube: that is, whether the cube will be in read only of read/write (i.e., write-back enabled) mode. This settings can be overridden at cube level.

Note that when using cubes defined using header based definitions, you cannot authorize/deny dimensions/hierarchies/members and cells.

Dimension / Hierarchy / Members

Similarly to schemas, you can authorize/deny dimensions and hierarchies. Allowed/denied members are defined at hierarchy level using regular MDX (tuple/set) expressions. Note that you can redefine the default member of the hierarchy in case the original one is not allowed anymore. The option apply-to-facts allows you to filter as well the corresponding cells of the cube (doing this way you'll see a visual totals of the members).

Cubes / Measure Groups / Cells

Allowed/denied cells are defined at measure group levels. They're defined using both optional MDX expressions. If not allowed-cells are defined, then the list of authorized cells is "all cells" minus the denied cells/

File : icCubeRoles.icc-users

Roles definitions are stored within the file 'icCubeRoles.icc-roles' that is located within the 'roles' directory as defined in the file icCube.xml and available in the monitoring WEB interface).