Cube Roles
A cube role applies to a single cube, includes a list of Windows NT® 4.0 or Windows® 2000 user accounts and groups, and indicates the objects in the cube they can access and the kind of access they have to those objects.
The specifications in a cube role apply to end users' access to a cube on an Analysis server while they are connected to it with a client application. Cube roles are not used to grant or deny administrative access to objects. For information about administrative access, see Administrator Security.
Usually, database roles are created and then assigned to cubes. Each assignment grants access to the cube and creates a cube role with the same name as the database role. The database role provides defaults for the cube role. The cube role can then be tailored for the cube.
In a cube role, you can control access to the dimensions in the cube. You can specify which levels and members of a dimension the role can view. If a dimension is
In a cube role, you can also control access to the cells in the cube. You can specify which cells the role can view. If a cube is write-enabled, you can specify which cells the role can update. For more information, see Cell Security.
In a cube role, you can also indicate whether the role can drill through to a cell's source data. To use this capability, you must also enable drillthrough for the cube or at least one of its partitions. For more information, see Specifying Drillthrough Options.
Cube roles are immediately subordinate to the cube. The cube roles in a cube apply to only that cube and the objects within that cube. However, changes to some specifications in a cube role propagate to the database role and all cube roles with the same name as the changed cube role. These specifications include the list of user accounts and groups and read/write permissions for dimensions.
In the object hierarchy, commands are immediately subordinate to cube roles. These commands are role commands. A role command is executed only for a specific cube role. For example, a calculated member is created as a role command so that it is displayed only to end users in a particular cube role. You must create and maintain role commands programmatically by using clsRoleCommand.
In Analysis Manager, cube roles are identified by the following icon.
In Analysis Manager, cube roles are created and maintained in Cube Role Manager and the Cube Role dialog box. Database roles are assigned to cubes in the Cubes tab of the Database Role dialog box or in Cube Role Manager.
Cube roles are usually the last objects created in order to deploy a cube.
If you are programming with Decision Support Objects (DSO), the class type associated with the cube role is clsCubeRole.