Permissions (Role Interface)
The Permissions property of the Role interface contains the role permissions for a specified key.
Applies To
Data Type
String
Access
Read-only
Remarks
The Permissions property contains nine permissions keys. The meaning of each key and its possible return values follow:
Access
The Access key indicates what type of access the users assigned to the Role object have to the entire cube. Valid return values for the key are listed in the following table.
| Return value | Description |
|---|---|
| R | The members of this role have read-only access to the cube. |
| RW | The members of this role have read/write access to the cube. |
This key is for use only with objects of ClassType clsCubeRole.
AllowDrillThrough
The AllowDrillThrough key indicates whether the users assigned to the Role object can execute drillthrough queries on the cube. Valid return values for the key are listed in the following table.
| Return value | Description |
|---|---|
| True | Drillthrough is allowed on this cube for members of this role. |
| False | Drillthrough is not allowed on this cube for members of this role. (Default) |
This key is for use only with objects of ClassType clsCubeRole.
AllowLinking
The AllowLinking key indicates whether the users assigned to the Role object are allowed to link to the cube. Setting this property to False prevents users from creating linked cubes based on the cube.
| Value | Description |
|---|---|
| True | Linking is allowed to this cube for members of this role. (Default) |
| False | Linking is not allowed to this cube for members of this role. |
This key is for use only with objects of ClassType clsCubeRole.
AllowSQLQueries
The AllowSQLQueries key indicates whether the users assigned to the Role object are allowed to execute SQL SELECT queries against the cube. Setting this property to False prevents users from creating local cubes based on the cube or viewing cube data using an SQL SELECT statement.
| Value | Description |
|---|---|
| True | SQL queries are allowed on this cube for members of this role. (Default) |
| False | SQL queries are not allowed on this cube for members of this role. |
This key is for use only with objects of ClassType clsCubeRole.
EnforcementLocation
The EnforcementLocation key indicates whether security for the users assigned to the Role object is enforced on the server or on the client application. Valid return values for the key are listed in the following table.
| Return value | Description |
|---|---|
| Client | Security is enforced on the client application for members of this role. (Default) |
| Server | Security is enforced on the server for members of this role. |
This key is for use only with objects of ClassType clsDatabaseRole and ClassType clsCubeRole.
CellRead
The CellRead key contains a logical Multidimensional Expressions (MDX) expression that identifies visible, readable cells for the users assigned to the Role object. If no MDX expression is specified for the Role object, an empty string is returned.
This key is for use only with objects of ClassType clsCubeRole.
CellReadContingent
The CellReadContingent key contains a logical MDX expression that identifies contingent-readable cells for the users assigned to the Role object. If no MDX expression is specified for the Role object, an empty string is returned.
This key is for use only with objects of ClassType clsCubeRole.
CellWrite
The CellWrite key contains a logical MDX expression that identifies writable cells for the users assigned to the Role object. If no MDX expression is specified for the Role object, an empty string is returned.
This key is for use only with objects of ClassType clsCubeRole.
Dimension:<dimension name>
The Dimension key is used to specify dimension security options on a dimension, using a string value containing XML syntax. The syntax for the key includes the name of the dimension that will be secured by the role object. The Dimension key contains XML syntax that defines the read and write access of the members for the dimension. If no dimension security options are specified for the Role object, an empty string is returned.
The XML syntax for the return value is detailed here:
<MEMBERSECURITY
[ IsVisible="<Boolean_string>"]
[ DefaultMember="<allowed_member>"]
[ VisualTotalsLowestLevel="<level_expression>"
>
<PERMISSION Access="Read"
[ UpperLevel="<level_expression>"]
[ LowerLevel="<level_expression>"]
[ AllowedSet="<set_expression>"]
[ DeniedSet="<set_expression>"]
[ Description="<desc>"]
/>
<PERMISSION Access="Write"
[ UpperLevel="<level_expression>"]
[ AllowedSet="<set_expression>"]
[ Description="<desc>"]
/>
</MEMBERSECURITY>
The <Boolean_string> value can contain either "True" or "False". The <allowed_member> value contains the name of a single read-enabled member. The <level_expression> contains an MDX expression that returns a single level. The <set_expression> value contains an MDX expression that returns a set of members. The <desc> value contains a free-form text description of the permission.
This key is for use only with objects of ClassType clsDatabaseRole and ClassType clsCubeRole.
Example
Use the following code to return a role object's permission string:
Dim strPerms As String
strPerms = RoleObject.Permissions("Access")