Permission Programs |
Permission programs are programs that you write that give permission to users to access workspace data. When a user attaches an analytic workspace, Oracle OLAP checks to see if a permission program that is appropriate for the attachment mode exists. (The permission program for each attachment mode must have a particular name as outlined in Table: Names of Permission Programs for Different Attachment Modes.) When an appropriate permission program exists, Oracle OLAP executes the program. When a user specifies a password when attaching the analytic workspace, then the password is passed as an argument to the permission program for processing.
Names of Permission Programs for Different Attachment Modes
| Attachment Modes | Name of Program |
|---|---|
| Multiwriter, Read-only, and Read/write | ONATTACH
|
| Read-only | PERMIT_READ
|
| Read/write | PERMIT_WRITE
|
|
Note: A dimension surrogate has the access permissions of its dimension. Use a PERMIT on a dimension to grant or deny permission to access the values of a dimension surrogate for that dimension. |
Permission programs allow you to control two levels of access to the analytic workspace in which they reside.
Access at the analytic workspace level—Depending on the return value of the permission program, the user is or is not granted access to the entire analytic workspace. You can use the return value to indicate to Oracle OLAP whether or not the user has the right to attach the workspace.
Access at the object level—Depending on the statements in the permission program, the user is granted or denied access to specific objects or sets of object values. Within an ONATTACH program, you can use ACQUIRE statements to provide access to individual workspace objects. Within a permission program for read-only or read/write attachment, you can specify PERMIT statements that grant or restrict access to individual workspace objects.
|
Note: All of the objects referred to in a given permission program must exist in the same analytic workspace. |
To create a permission program, define a user-defined function (as described in "Creating User-Defined Functions") with one of the recognized names, then define the contents for the program as described in "Specifying Program Contents".