Permissions (Role Interface)

Analysis Services Programming

Analysis Services Programming

Permissions (Role Interface)

The Permissions property of the Role interface contains the role permissions for a specified key.

Applies To

clsCubeRole

clsDatabaseRole

clsMiningModelRole

Data Type

String

Access

Read-only

Remarks

The Permissions property contains nine permissions keys. The meaning of each key and its possible return values follow:

Access

The Access key indicates what type of access the users assigned to the Role object have to the entire cube. Valid return values for the key are listed in the following table.

Return value Description
R The members of this role have read-only access to the cube.
RW The members of this role have read/write access to the cube.

This key is for use only with objects of ClassType clsCubeRole.

AllowDrillThrough

The AllowDrillThrough key indicates whether the users assigned to the Role object can execute drillthrough queries on the cube. Valid return values for the key are listed in the following table.

Return value Description
True Drillthrough is allowed on this cube for members of this role.
False Drillthrough is not allowed on this cube for members of this role. (Default)

This key is for use only with objects of ClassType clsCubeRole.

AllowLinking

The AllowLinking key indicates whether the users assigned to the Role object are allowed to link to the cube. Setting this property to False prevents users from creating linked cubes based on the cube.

Value Description
True Linking is allowed to this cube for members of this role. (Default)
False Linking is not allowed to this cube for members of this role.

This key is for use only with objects of ClassType clsCubeRole.

AllowSQLQueries

The AllowSQLQueries key indicates whether the users assigned to the Role object are allowed to execute SQL SELECT queries against the cube. Setting this property to False prevents users from creating local cubes based on the cube or viewing cube data using an SQL SELECT statement.

Value Description
True SQL queries are allowed on this cube for members of this role. (Default)
False SQL queries are not allowed on this cube for members of this role.

This key is for use only with objects of ClassType clsCubeRole.

EnforcementLocation

The EnforcementLocation key indicates whether security for the users assigned to the Role object is enforced on the server or on the client application. Valid return values for the key are listed in the following table.

Return value Description
Client Security is enforced on the client application for members of this role. (Default)
Server Security is enforced on the server for members of this role.

This key is for use only with objects of ClassType clsDatabaseRole and ClassType clsCubeRole.

CellRead

The CellRead key contains a logical Multidimensional Expressions (MDX) expression that identifies visible, readable cells for the users assigned to the Role object. If no MDX expression is specified for the Role object, an empty string is returned.

This key is for use only with objects of ClassType clsCubeRole.

CellReadContingent

The CellReadContingent key contains a logical MDX expression that identifies contingent-readable cells for the users assigned to the Role object. If no MDX expression is specified for the Role object, an empty string is returned.

This key is for use only with objects of ClassType clsCubeRole.

CellWrite

The CellWrite key contains a logical MDX expression that identifies writable cells for the users assigned to the Role object. If no MDX expression is specified for the Role object, an empty string is returned.

This key is for use only with objects of ClassType clsCubeRole.

Dimension:<dimension name>

The Dimension key is used to specify dimension security options on a dimension, using a string value containing XML syntax. The syntax for the key includes the name of the dimension that will be secured by the role object. The Dimension key contains XML syntax that defines the read and write access of the members for the dimension. If no dimension security options are specified for the Role object, an empty string is returned.

The XML syntax for the return value is detailed here:

<MEMBERSECURITY
   [ IsVisible="<Boolean_string>"]
   [ DefaultMember="<allowed_member>"]
   [ VisualTotalsLowestLevel="<level_expression>"
>
   <PERMISSION Access="Read"
      [ UpperLevel="<level_expression>"]
      [ LowerLevel="<level_expression>"]
      [ AllowedSet="<set_expression>"]
      [ DeniedSet="<set_expression>"]
      [ Description="<desc>"]
   />
   <PERMISSION Access="Write"
      [ UpperLevel="<level_expression>"]
      [ AllowedSet="<set_expression>"]
      [ Description="<desc>"]
   />
</MEMBERSECURITY>

The <Boolean_string> value can contain either "True" or "False". The <allowed_member> value contains the name of a single read-enabled member. The <level_expression> contains an MDX expression that returns a single level. The <set_expression> value contains an MDX expression that returns a set of members. The <desc> value contains a free-form text description of the permission.

This key is for use only with objects of ClassType clsDatabaseRole and ClassType clsCubeRole.

Example

Use the following code to return a role object's permission string:

Dim strPerms As String
strPerms = RoleObject.Permissions("Access")

See Also

Role Interface

SetPermissions

Dimension Security

Cell Security