Query Permissions

Owned by Nicolás Palombo (Unlicensed)
Last updated: 17 Oct, 2008Version comment
3 min read
Unknown macro: {scrollbar}

You may define permits over the detailed queries offered by the Drill Through module.

IdeaSoft O3 lets you specify a common repository where the security definitions for the different components are stored. Such definitions can be stored in text files (default option) or in a database (RBAC mechanism).

The access control mechanism is enabled when the cubes are published in the server and not for cubes opened from the file system. Besides, it is necessary for the security information to be stored in databases. You may find further information on the definition of IdeaSoft O3 security mechanisms, roles and users in the O3 Server Administrator Manual.

The permits that enable the different users to use each one of the defined detailed queries are defined over the cubes and for each one of the roles with access to them.

Security associated to the Drill Through functionality lets you define permits for viewing the query, as well as for the using of its filters. Besides, in case access to information has been restricted for some roles, you may maintain that restriction in the data through the detailed query.


To define permits over the queries you need to:

  1. Open O3 Server Administrator (Check that the database where the security definitions reside is available)
  2. Select the "Security" node in the "Services" branch.
  3. Choose the "Permits" tab and then the tab located in the bottom left hand corner called "Plugins"
  4. Select the cube and then the detailed query for which you wish to define security.
  5. For each of the roles, define the operations allowed in the query. (See Defining permits over the query )
  6. Save changes with the "Apply" button or cancel them with the "Cancel" one.

Defining permits over the query

The table in the previous picture shows a row for each query associated to a determined cube.

For each of these rows the values of the following fields must be defined:

  • Plugin: It contains the name identifying the detailed query.
  • Use: It states if the user in the selected role is allowed to make the detailed query. The default value is "Not Specified" and together with the "Allow" value they let you view the query, whereas the "Deny" value does not.
  • Use O3 Profile: If you choose "Allow" or " not specified", the restrictions of access to data defined through the access profiles are taken into consideration.
    The "Deny" option indicates we are not interested in applying restrictions to profiles.
    Please note that this column makes sense if there is a profile to access the cube, associated to the role.
    If the profile is taken into consideration, using the filters has the same limitations the profile has when accessing the dimensions of the cube.
    If it is not, filters can be used despite not being able to access their associated dimensions in the cube.
  • Filter: It states whether using the filters in the detailed query pane is allowed or not.
    The values "Allow" and "Not Specified" let you use the filters.

It is important to point out that the person who defines the detailed query is responsible for denying access to restricted information through the cube access profiles.

Otherwise it is possible to view information to which you have no access in the cube, in the detailed queries.

Unknown macro: {scrollbar}