Add Database Role Screen

This table explains items on the screen that may require additional information.

Screen Item	Description
Set the database permissions for this role	On the General tab, you can assign full control of the database to members of the database role, or you can place limits on their access. To grant full access and write permissions to change the objects in the data mart, select Full control (Administrator). To grant access to process database objects and to view metadata about the objects, select Process database. Users with this permission level cannot change dimensions and cubes or edit the data in them. To allow users to view metadata about database objects but to deny access to the data in the cube, select Read definition.
Membership tab	Enter the domain and user name for each member of the OLAP database role.
Cube Name	Select a cube to grant access rights.
Access	Select whether to assign read access or read/write access to the OLAP cube. By default, users cannot access any cube in the database.
Local Cube/Drillthrough Access	Select whether to allow users to create local cubes or to drill through the cube to more detailed data. Select “Drillthrough” to allow users to access detailed data within the cube but not to create local cubes. Select “Drillthrough and Local Cube” to allow users to do both. To create subsets of the OLAP cube with the OLAP Excel Reports feature, users must be able to create local cubes. These local cubes allow users to view data from the OLAP cube even when they are not connected to the server with the data.
Process	Select whether to allow users to manipulate the data in the cube.
Cell Data tab	Assign permissions to individual cells in the OLAP cube and enter MDX expressions to enforce cell-level security. To grant read-only access to the cells in the cube, select Enable read permissions. With read-only access, users can view the cells in the MDX expression. To grant read-contingent access to the sells in the cube, select Enable read-contingent permissions. With read-contingent access, users can view the cells in the MDX expression only if the database role has read permission on the cells they were derived from. To grant read/write access to the cells in the cube, select Enable read/write permissions. Members of the database role can view and update the cells in the MDX expression, but they also must have read/write permissions for the entire cube. In the box under each permission you select, enter an MDX expression to select the cells that the permissions apply to. For each cell, the MDX expression is calculated before the program displays the cell value. If the expression returns a value of true, the program displays the cell value. If it returns a value of false, the program does not display the cell value. Warning: To grant permissions on a subset of cube cells, you must include an MDX expression. If you assign cell-level permissions but do not include an MDX expression to specify the cells, the database role does not have permissions on any cells in the cube.
Dimensions tab	Filter the data that is available to members of the database role through the OLAP cube’s dimensions. In the Dimensions field, select a dimension, and in the Attribute hierarchy field, select one of its attributes. On the Basic tab, select the data to include in the dimension attribute. By default, the program includes all data in the attribute. To exclude data from the attribute, clear the checkboxes in the hierarchy. To exclude the entire attribute, select Deselect all members. The Advanced tab displays data about the data you filter in a dimension attribute. For Select all members on the Basic tab, any data you exclude appears under Denied member set. For Deselect all members, any data you include appears under Allowed member set. Any data that you cannot exclude from the attribute appears under Default member.