Skip to main content
Version: I2022.4.1

Granting Design-Time and Runtime Permissions on Cubes to Individual Users

Design-time permissions on cubes let users read, update, and delete cubes. Runtime permissions on cubes let users query cubes and create Hive tables from SELECT statements on cubes. You can choose whether to grant these permissions to all users, or to individual users.

Before you begin

> >

> > Attention > >
:::

Use AtScale's local directory service for testing only. Do not use it in production environments. This directory service is not meant to support the types of workloads that are common to production environments. Before using AtScale in production, configure your AtScale organization to use an external directory service, such as Microsoft Active Directory, another LDAP service, or Google G Suite Directory.

Default permissions for new cubes

By default, AtScale grants cube permissions to all users in the external directory service you are using. If you want only the creator of a new cube (and also administrators) to have all permissions:

  1. Go to Settings > Organization Settings > Options.
  2. Locate the Default Project/Cube Security option.
  3. Choose the Override & Enable button for this option.

Procedure

Access the cube permissions dialog as described in Grant Design-Time Permissions.

To grant runtime permissions:

  1. Click Runtime Security.

  2. Deselect Allow access to all users to grant permissions to a subset of the users.

  3. Choose which permissions to give to each user:

    • Query: Users can issue SELECT statements to the cube.

    • Create Table as Select (CTAS): Users can issue SELECT statements to the cube and write the results to the data warehouse as a new table.

      If you are using Google BigQuery, the tables are created directly in BigQuery. If you are using a Hadoop cluster, the tables are created in the Hive metastore."

  4. Save your changes.

To grant design-time permissions:

  1. Click Design Time Security.

  2. Deselect Allow access to all users to grant permissions to a subset of the users.

  3. Choose which permissions to give to each user:

    • Read: Can see the cube connection information. Can duplicate a cube (if you also have project update permission)
    • Update: Can open the cube design canvas and edit the cube model and settings.
    • Delete: Can delete the specific cube from the project.
  4. Save your changes.