Applying Database Security


This section will be of particular interest and use to Administrators concerned with implementing Security controls based on end-users’ privileges to specified areas of a shared PowerOLAP database. This section—the last “step-by-step” instructional section in this manual—therefore also functions as a good transition to the manuals that concern multi-user components of PowerOLAP® (MDB Server, OLAP Exchange®, and Synchronization Server), since Security may be involved in a multi-user, shared database environment.

PowerOLAP® provides advanced security features that allow database Administrators to implement very exact Meta Data and Fact Data privileges for a shared database. For example, an Administrator might give a user Read privileges to most data, but only Read privileges to some data in a certain Cube, and no viewing rights at all to a precise (but significant) Fact Data range. We will consider Meta Data and Fact Data privileges in detail in this section.

There will also be discussions of Locking Fact Data Ranges and the Security Export/Import feature.

When determining the security for a database, the following is a logical sequence of steps:

      [1]    Secure Database (New or Existing)

      [2]    Secure Define Users & Groups

      [3]    Secure Assign Database Privileges (to Add New Dimensions and Cubes)

      [4]    Secure Assign Meta Data and Fact Data Privileges

      [5]    Secure Lock Ranges of Fact Data

      [6]    Secure Security Export/Import

The following pages will demonstrate how to proceed through this sequence to apply the desired level of security to your database.