Skip Headers

Oracle9i OLAP Developer's Guide to the OLAP DML
Release 2 (9.2)
Part Number A95298-01
Go To Documentation Library
Home		 Go To Product List
Book List		 Go To Table Of Contents
Contents		 Go To Index
Index
Master Index
Feedback

Go to previous page Go to beginning of chapter Go to next page

Defining and Working with Analytic Workspaces, 7 of 9

Adding Security to an Analytic Workspace

An analytic workspace as an entity is protected with all of the security features built into the database. In addition, you can restrict access to specific workspace objects, or to an entire workspace, with permission programs.

Permission Programs

When a user attaches an analytic workspace, it is checked to see if it contains permission programs, which are called permit_read and permit_write. You do not have to create these programs; however, if they are present, then the appropriate one is automatically executed when a user attaches the analytic workspace.

IF the user attaches an analytic workspace with . . . THEN the following program is executed, if it exists . . .

read-only access,

permit_read program.

read/write access,

permit_write program.


Permission programs are executed before any AUTOGO program is executed. If a user specifies a password when attaching the analytic workspace, then the password is passed as an argument to the permission program for processing. The permission program can grant or restrict access to the entire workspace or to individual objects based on the password that has been provided. For example, in the following AW command, the sales workspace is attached with goldfinch as the password.

AW ATTACH sales PASSWORD goldfinch

Creating and Designing Permission Programs

To create permission programs, you define two programs with the names permit_read and permit_write. In these programs, you can specify PERMIT commands that grant or restrict access to individual workspace objects. In addition, you write these programs as user-defined functions that return a Boolean value, and the return value indicates to Oracle OLAP whether or not the user has the right to attach the workspace.

IF the program returns . . . THEN the analytic workspace . . .

YES

is attached.

NO

is not attached.


Thus, permission programs allow you to control two levels of access to the analytic workspace in which they reside.

Type of access

Description

Analytic workspace level

Depending on the return value of the permission program, the user is or is not granted access to the entire analytic workspace.

Object level

Depending on the PERMIT commands in the permission program, the user is granted or denied access to specific objects or sets of object values.

All of the objects referred to in a given permission program must exist in the same analytic workspace.


For example, using the PERMIT command, you can deny access to the salary variable to one group of users, and you can deny access to the tenure variable to another group of users. You can even specify that certain users cannot access a subset of the cells in the salary variable.If you have permission programs in more than one currently attached analytic workspace (and thus, multiple programs with the same name), then you must use their qualified object names when you edit them, to ensure that you are accessing the correct one.


See Also:

Chapter 7, "Developing Programs" for information on writing programs.
Go to previous page Go to beginning of chapter Go to next page
Oracle
Copyright © 2001, 2002 Oracle Corporation.
All Rights Reserved.
Go To Documentation Library
Home		 Go To Product List
Book List		 Go To Table Of Contents
Contents		 Go To Index
Index
Master Index
Feedback