Setting the scope
The scope configuration provides a way to control when AtScale applies security dimension constraints.
Scope property
When creating a security dimension you should set the scope to one of the following values:
-
Related
Applies security constraint when the query selects any dimension or secondary attributes that have a path to the security dimension as long as no fact table is used. The security constraint is not applied to dimension-only queries that select multiple dimensions related through a fact table. See the red box on the figure below.
-
Fact
Applies to the same queries as Related but also applies to queries that include a measure from a fact table connected to the secure dimension (see the yellow box on the figure below). The security constraint is not applied to single-dimension-only queries that are related to the secured dimension via the fact table (Date and Store Location on the figure below). However, multi-dimension-only queries will have security applied because they are joined using a synthetic measure from the fact table that relates them (dashed yellow box on the figure below).
-
All
Every query will have the security dimension applied unless there is no path to the security dimension. This is the case with two separate fact tables, each with their own unrelated dimensions. See the green box on the figure below.
Example
The figure below illustrates a model consisting of factinternetsales
(a fact table), Product SKU
(dimension secured by a nested Product
Security Dimension), Date (unsecured dimension), and Store Location
(unsecured dimension).
Figure: Graphic Representation of Security Dimension Query Scopes
Given the model in this figure, the table below illustrates the application of the Product Security Dimension as either a "Yes" or "No" value for each example query and scope setting on the Product Security Dimension.
Table: How Security Dimension Scope Settings Affect Queries
Query selected attributes | Product Security Dim Scope = All | Product Security Dim Scope = Fact | Product Security Dim Scope = Related |
---|---|---|---|
Product SKU | Yes | Yes | Yes |
Product SKU secondary attributes | Yes | Yes | Yes |
Date | Yes | No | No |
Store Location | Yes | No | No |
Date, Store Location | Yes | Yes | No |
Sum(SalesAmount) | Yes | Yes | No |
Sum(SalesAmount), Date, Store Location | Yes | Yes | No |
Sum(SalesAmount), Date, Product SKU | Yes | Yes | Yes |
Notes on Security Dimension Scope
- Degenerate dimensions (dimensions derived from a fact table) behave the same way as standard dimensions with respect to the scope setting of "Fact". Therefore a dimension-only query to a degenerate dimension will not have its contents filtered by a secured dimension connected to the fact table (for example, Product SKU on the figure above).
- Security constraints for all scopes does not apply to queries run against unconnected fact datasets, or their dimensions.