Creating a Group-Based Security Dimension
Before you start
Check if the dimension you plan to create the security dimension on has multiple hierarchies:
- If it has multiple hierarchies, they should share the same leaf level (the most granular level of the hierarchy). This ensures a relationship is automatically established for every hierarchy after you create a security dimension. To check if the hierarchies share a level, open the leaf level (indicated by a leaf icon) of each hierarchy in the dimension and check if the Query Name field is the same for each.
- If the hierarchies don't share a level, find one hierarchy's leaf level (indicated by a leaf icon). Click its ellipsis icon and select Duplicate. Duplicate it to each other hierarchy in the dimension. Then delete the old leaf levels from those other hierarchies.
Procedure
To add a group-based security dimension, first prepare the groups and the mappings, and then add the "group-to-attribute mapping" table.
Preparing groups and mappings
-
Outside the Design Center:
- In the data warehouse create a security dimension table; that is, "group-to-attribute mapping" table.
- Include in the table all group IDs associated with the users that run queries against the cube.
-
In the Design Center, go to Security > Groups and create groups that match the group IDs added to the "group-to-attribute mapping" table.
For details, see Creating AtScale Groups.
-
Go to Security > Mappings, and in the Directory Group to Group Mappings section map your Directory Group to the appropriate AtScale Group.
For details, see Granting Runtime Permission on Cubes to Groups of Externally-Authenticated Users.
Adding the table as a dataset
Now, go to your cube, and add the "group-to-attribute mapping" table as a dataset to your library of datasets:
- In the Library toolbar, click the Add New Security Dimension icon. The Create a Security Dimension window opens.
- Accept the suggested name for the dimension or change it. The suggest name is in this format: <existing dimension> Security
- Optionally, enter a description for the security dimension.
- In the Dataset field, select the dataset that you created from your mapping table.
- In the Column Containing Attribute Filter Keys field, select the column that you are adding security to.
- For the Lookup Rules field, choose the lookup rule. "None" will perform a join, whereas "Use filter Key" will look up the filter keys separately and use them in the dimension or fact query.
- In the Column Containing IDs field, select the column that contains the group ID.
- In the ID Type field, select Group.
- For the Scope setting, choose the scope of queries that the security dimension should apply to.
- Click Save. The new security dimension appears on the dimension canvas.
- Locate the attribute in the dimensional or fact dataset that you wish to secure and drag the attribute to the security dimension to open the Create a relationship dialog.
- Optionally change the left-hand dataset column, although if you chose the correct column in the previous step the correct column will be preselected for you.
- If you are on a dimension canvas, accept the default option of "Many-to-One"
- Click Save.