Permission programs are programs that you write to grant users permission to access workspace data. When a user first attaches an analytic workspace, Oracle OLAP checks whether a permission program appropriate for the attachment mode exists.
Note: When you reattach an attached workspace, Oracle OLAP does not look for and execute permission programs.
The permission program for each attachment mode must have a particular name as outlined in Table: Names of Permission Programs for Different Attachment Modes.
Names of Permission Programs for Different Attachment Modes
Attachment Modes | Name of Program |
---|---|
Read-only | |
Multiwriter, Read/write | |
When an appropriate permission program exists, Oracle OLAP executes the program. If the user specifies a password when attaching the analytic workspace, the password is passed as an argument to the permission program for processing.
Note: A dimension surrogate has the access permissions of its dimension. Use a PERMIT on a dimension to grant or deny permission to access the values of a dimension surrogate for that dimension.
Permission programs allow you to control two levels of access to the analytic workspace in which they reside.
Access at the analytic workspace level—Depending on the return value of the permission program, the user is or is not granted access to the entire analytic workspace. You can use the return value to indicate to Oracle OLAP whether or not the user has the right to attach the workspace.
Access at the object level—Within a permission program for read-only or read/write attachment, you can specify PERMIT statements that grant or restrict access to individual workspace objects. PERMIT programs must be in the same workspace as the objects for which they issue PERMIT statements.
Note: All of the objects referred to in a given permission program must exist in the same analytic workspace.
To create a permission program, define a user-defined function (as described in "Creating User-Defined Functions") with a recognized name, then define the contents for the program as described in "Specifying Program Contents".
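The following read-only permission program combines both levels of access described above; it is an added illustration, not code from Oracle's documentation. It assumes the read-only program name `PERMIT_READ`, a Boolean return value in which YES allows the attach, and a hypothetical variable `salary` in the same workspace; the password literal is a constructed placeholder.

```olapdml
DEFINE permit_read PROGRAM BOOLEAN
PROGRAM
" _pw receives the password given when the workspace is attached.
" It is NA when the user supplied no password.
ARGUMENT _pw TEXT

" Fail closed: any error while the program runs ends in a denied attach.
TRAP ON deny NOPRINT

" Workspace level: refuse the attach when no password was supplied.
IF _pw EQ NA
   THEN RETURN NO

" 'CHANGE-ME' is a constructed placeholder, not a real credential.
IF _pw NE 'CHANGE-ME'
   THEN RETURN NO

" Object level: read-only sessions cannot read the hypothetical
" SALARY variable, which must exist in this same workspace.
CONSIDER salary
PERMIT READ WHEN NO

" All checks passed: allow the attach.
RETURN YES

deny:
RETURN NO
END
```

Because permission programs are not executed on reattach, the PERMIT statements above take effect only on the first attachment of the workspace in a session.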