Permissions on Cubes for Individual Users

Design-time permissions on cubes let users read, update, and delete cubes. Runtime permissions on cubes let users query cubes and create Hive tables from SELECT statements on cubes. You can choose whether to grant these permissions to all users, or to individual users.

Before you begin

• Ensure that you are logged into AtScale as either a super user or an administrator for the organization for the project or cube that you want to grant permissions on.

• If you are using local authentication for your users, ensure that the users that you want to grant permissions to have been added to AtScale.

  info

> >

> > Attention > >

:::

Use AtScale's local directory service for testing only. Do not use it in production environments. This directory service is not meant to support the types of workloads that are common to production environments. Before using AtScale in production, configure your AtScale organization to use an external directory service, such as Microsoft Active Directory, another LDAP service, or Google G Suite Directory.

• When using external authentication for your users, ensure the following:

  • Groups in your directory service are mapped to AtScale roles
  • The user accounts that you want to grant permissions to are synchronized to AtScale.

• Note that project and cube creators cannot have the permissions disabled on the projects they have created.

Default permissions for new cubes

By default, AtScale grants cube permissions to all users in the external directory service you are using. If you want only the creator of a new cube (and also administrators) to have all permissions:

1. Go to Settings > Organization Settings > Options.
2. Locate the Default Project/Cube Security option.
3. Choose the Override & Enable button for this option.

Procedure

Access the cube permissions dialog as described in Grant Design-Time Permissions.

To grant runtime permissions:

1. Choose Security > Runtime Permissions.

2. Enable Restrict Access to grant permissions to a subset of the users.

3. Choose which permissions to give to each user:

   • Query: Users can issue SELECT statements to the cube.

   • Create Table as Select (CTAS): Users can issue SELECT statements to the cube and write the results to the data warehouse as a new table.

     If you are using Google BigQuery, the tables are created directly in BigQuery. If you are using a Hadoop cluster, the tables are created in the Hive metastore."

4. Save your changes.

To grant design-time permissions:

1. Choose Security > Design Permissions.

2. Enable Restrict Access to grant permissions to a subset of the users.

3. Choose which permissions to give to each user:

   • Read: Can see the cube connection information. Can duplicate a cube (if you also have project update permission)
   • Update: Can open the cube design canvas and edit the cube model and settings.
   • Delete: Can delete the specific cube from the project.

4. Save your changes.