Read Only cubes and data readers

If a cube is read only as configured on the Database Security for a database profile is it so that in a procedure that clears will work (clearing all cube data regardless of entity access the user may have) but that data reader will not load anything into the cube? We are seeing this behavior but somehow I'm surprised by it. Thought it would just always clear and read all data in and that read only had only to do with whether user can input data into that cube on a screen. Would someone please make this clear? 

1. Whether or not database security read only a user's ability to clear a cube through a procedure. 

2. Whether or not database security read only affects a user's ability to run a data reader through a procedure and load all data into a cube (regardless of any data selection they may either be restricted to or have made on the screen through selections).  

3. Would a user's security data selection and/or selections they make on a screen affect either clearing or running a data reader even in case where security on cube is "OK" (that is not Read Only)? 

The data readers I am referring to are SQL data readers. 

Thank you, 

Peter

Tagged:

Accepted Answer

  • Alexander Kappes
    Alexander Kappes Employee
    Fourth Anniversary 250 Likes 100 Comments 5 Answers
    edited June 2022 Answer ✓

    Dear Peter DeGregorio,

     

    thanks for your request.

     

    According to your questions:

     

    1. You are right. A procedure is able to clear also read only cubes.

    2. You are also right. Cubes set to read only are not allowed to be loaded with datareaders.

    3. Depends to the design of your procedure. By default the Selection from the screen called the procedure is ignored for datareaders. But you are able to tick "Use Current Selection" for Datareader. When this Option is checked the reader is running in the selection context of the screen calling.

     

    image

     

    By default and each time, the Selection performed for the User in his Database Security Profile is working and the user is not able to load or see data outside his security profiles definition.

     

    My personal suggestions:

     

    1. Cubes with "read only" option for the "standard" Database Security Profiles shouldn´t been loaded or cleared inside procedures triggered from screens / users.

    2. When you need end users to load data outside their security profile (just for selections), you can use "run as Administrator" function. image

    but please be carefull with the procedure design, that your users only can see data inside the database which they are allowed to, with this function you can also provide them with "forbidden" data.

     

    Hope it helps. 

     

    regards

     

    Alexander Kappes

Answers

  • Alexander Kappes as you said for first question  A procedure is able to clear also read only cubes. If he is clearing a cube means he is overriding the cube. it should not allow the user to do this action as cube is in read only mode. .

     

    Please let me know if my understanding is correct or not ?

     

    Regards,

    Sanjay

  • Alexander Kappes thanks very much for your detailed and clear answer I really appreciate it.