Home > Securing the Data in Dimens... > About the Security of Dimen...
![]() Previous |
![]() Next |
Your company's data is a valuable asset. The information must be secure, private, and protected. Analytic data is particularly vulnerable because it is highly organized, easy to navigate, and summarized into meaningful units of measurement. When you use Oracle OLAP, your data has the security benefits of Oracle Database.
Because you have just one system to administer, you do not have to replicate basic security tasks such as these:
Creating user accounts
Creating and administering rules for password protection
Securing network connections
Detecting and eliminating security vulnerabilities
Safeguarding the system from intruders
The cornerstone of data security is the administration of user accounts and roles. Users open a connection with Oracle Database with a user name and password, and they have access to both dimensional and relational objects in the same session.
Users by default have no access rights to an analytic workspace or any other data type in another user's schema. The owner or an administrator must grant them, or a role to which they belong, any access privileges.
Oracle OLAP provides two types of security: Object security and fine-grained data security policies.
Object security provides access to dimensional objects. You must set object security before other users can access them. Object security is implemented using SQL GRANT
and REVOKE
. You can administer object security in SQL Developer.
Fine-grained data security policies control access to the data on a cellular level using Oracle Real Application Security of Oracle Database. This type of security is optional. You define data security policies only when you want to restrict access to specific areas of a cube. You can create data security policies in Analytic Workspace Manager.
Using both object security and data security, you can grant and revoke the following privileges:
Alter: Change the definition of a cube or dimension. Users need this privilege to create and modify a dimensional model.
Delete: Remove old dimension members. Users need this privilege to refresh a dimension.
Insert: Add new dimension members. Users need this privilege to refresh a dimension.
Select: Query the cube or dimension. Users need this privilege to query a view of the cube or dimension or to use the CUBE_TABLE
function. CUBE_TABLE
is a SQL function that returns the values of a dimensional object.
Update: Change the data values of a cube or the name of a dimension member. Users need this privilege to refresh a dimension or cube.
Users exercise these privileges either using SQL Developer to create and administer dimensional objects, or by using SQL to query them. They do not issue commands such as SQL INSERT
and UPDATE
directly on the cubes and dimensions.
For dimensional objects, you can manage security at these levels:
Dimension member
Dimension
Cube
Analytic workspace
View
The privileges are layered so that, for example, a user with SELECT
data security on Software products must also have SELECT
object security on the PRODUCT
dimension and the Global analytic workspace. Users also need SELECT
privileges on the views of the dimensional objects.
You administer security on views for dimensional objects the same as any other views in the database.