Granting Runtime Permission on Cubes to Groups of Externally-Authenticated Users
You can grant runtime permissions on published cubes to AtScale groups that are mapped to directory groups, so that you can grant these permissions to multiple users at a time.
About this task
When you are managing users by means of an external directory service, such as an LDAP server, Google Directory, or Microsoft Active Directory, the users are assigned to groups in that directory service. By granting runtime permissions directly to AtScale groups that are mapped to directory groups, you can prevent a large amount of administrative overhead costs that would accrue from managing access for individual users.
The runtime permissions allow users in the groups to query published versions of a cube and to create tables from SELECT statements on published versions of a cube. The tables are created in your data warehouse.
- If you are using Google BigQuery, the tables are created directly in BigQuery.
- If you are using a Hadoop cluster, the tables are created in the Hive metastore.
Before you begin
-
Ensure that your user ID is an administrator for your AtScale organization or is a super user.
-
Map directory groups to AtScale groups.
- Choose Security from the main navigation, then click Group Mappings.
- In the section Directory Group to Group Mappings, add the mappings that you need.
Procedure
-
Select Cubes. Find and click the name of the project.
-
Click on Security.
-
In the Cube Runtime Permissions dialog box, clear the checkbox Grant access to all users and groups.
-
Use the arrow controls to expand the permission controls for each AtScale group that you want to set runtime permissions for. Select or clear the applicable checkboxes.
Runtime Permission Description Query Users can issue SELECT statements against the cube. Create Table as Select (CTAS) Users can issue SELECT statements against the cube and write the results back to the data warehouse as a new table. -
Click Save.