Setting Application and Database Minimum Permissions in Essbase Native Security Mode

Minimum database access permissions can be specified at the application or database level. If specified for an application, minimum database access permissions apply to all databases within the application. When a minimum permission is set to a level higher than None (or No Access) for an application or database, all users inherit that permission to access the database or databases.

For example, if an application has read permission assigned as the minimum database access level, all users can read any database within that application, even if their individual permissions do not include read access. Similarly, if a database has a minimum permission setting of None, only users with sufficient granted permissions (granted directly or implied by filters or group membership) can gain access to the database.

Users with Administrator, Application Manager, or Database Manager permissions are not affected by minimum permission settings applied to applications or databases they own. Administrators have full access to all resources, and Application Managers and Database Managers have full access for their applications or databases.

Users and groups with lower than the minimum permissions inherit at least the minimum permissions for any applications or databases.

Changes to the minimum permission settings for applications affect only those databases that have lower minimums. In other words, settings defined at a lower level take precedence over more global settings.

The permissions listed in Table 124 are available as minimum settings for applications and databases. Databases of an application inherit the permissions of the applications whenever the application permissions are set higher than those of the database.

Table 124. Minimum Permission Settings Available for Applications and Databases

Permission

Description

None

Specifies that no minimum permission has been defined for the application or database. None is the default global permission for newly created applications and databases.

Read

Specifies read-only access to any artifact or data value in the application or database. Users can view files, retrieve data values, and run report scripts. Read access does not permit data-value updates, calculations, or outline modifications.

Write

Specifies Update access to any data value in the databases of the application, or in one database. Users can view Essbase files, retrieve and update data values, and run report scripts. Write access does not permit calculations or outline modifications.

Metaread

Gives read access to the specified members but hides data for their ancestors and hides data and metadata for their siblings.

Calculate

Specifies Calculate and update access to any data value in the databases of the application, or in one database. Users can view files, retrieve, update, and perform calculations based on data values, and run report and calculations scripts. Calculate access does not permit outline modifications.

Designer (for Application or Database)

Specifies Calculate and update access to any data value in the databases of the application, or in one database. In addition, Designer permission enables users to view and modify the outline and files, retrieve, update, and perform calculations based on data values, and run report and calculation scripts.

Note:

Although any user with a minimum of read access to a database can start the database, only an Administrator, a user with Application Manager permission for the application, or a user with Database Manager permission for the database can stop the database.

  To set minimum permissions for an application, use a tool:

Tool

Topic

Location

Administration Services

Setting Minimum Permissions for Applications

Oracle Essbase Administration Services Online Help

MaxL

alter application

Oracle Essbase Technical Reference

  To set minimum permissions for a database, use a tool:

Tool

Topic

Location

Administration Services

Setting Minimum Permissions for Databases

Oracle Essbase Administration Services Online Help

MaxL

alter database

Oracle Essbase Technical Reference