Share via


Permissions (Role Interface)

Note

  This feature will be removed in the next version of Microsoft SQL Server. Do not use this feature in new development work, and modify applications that currently use this feature as soon as possible.

The Permissions property of the Role interface contains the role permissions for a specified key.

Applies To:clsCubeRole, clsDatabaseRole, clsMiningModelRole

Data Type

String

Access

Read-only

Remarks

The Permissions property contains nine permissions keys. The meaning of each key and its possible return values follow:

  • Access
    The Access key indicates what type of access the users assigned to the Role object have to the entire cube. Valid return values for the key are listed in the following table.

    Return value

    Description

    R

    The members of this role have read-only access to the cube.

    RW

    The members of this role have read/write access to the cube.

    This key is for use only with objects of ClassType clsCubeRole.

  • AllowDrillThrough
    The AllowDrillThrough key indicates whether the users assigned to the Role object can execute drillthrough queries on the cube. Valid return values for the key are listed in the following table.

    Return value

    Description

    True

    Drillthrough is allowed on this cube for members of this role.

    False

    Drillthrough is not allowed on this cube for members of this role. (Default)

    This key is for use only with objects of ClassType clsCubeRole.

  • AllowLinking
    The AllowLinking key indicates whether the users assigned to the Role object are allowed to link to the cube. Setting this property to False prevents users from creating linked cubes based on the cube.

    Value

    Description

    True

    Linking is allowed to this cube for members of this role. (Default)

    False

    Linking is not allowed to this cube for members of this role.

    This key is for use only with objects of ClassType clsCubeRole.

  • AllowSQLQueries
    The AllowSQLQueries key indicates whether the users assigned to the Role object are allowed to execute SQL SELECT queries against the cube. Setting this property to False prevents users from creating local cubes based on the cube or viewing cube data using an SQL SELECT statement.

    Value

    Description

    True

    SQL queries are allowed on this cube for members of this role. (Default)

    False

    SQL queries are not allowed on this cube for members of this role.

    This key is for use only with objects of ClassType clsCubeRole.

  • EnforcementLocation
    The EnforcementLocation key indicates whether security for the users assigned to the Role object is enforced on the server or on the client application. Valid return values for the key are listed in the following table.

    Return value

    Description

    Client

    Security is enforced on the client application for members of this role. (Default)

    Server

    Security is enforced on the server for members of this role.

    This key is for use only with objects of ClassType clsDatabaseRole and ClassType clsCubeRole.

  • CellRead
    The CellRead key contains a logical Multidimensional Expressions (MDX) expression that identifies visible, readable cells for the users assigned to the Role object. If no MDX expression is specified for the Role object, an empty string is returned.

    This key is for use only with objects of ClassType clsCubeRole.

  • CellReadContingent
    The CellReadContingent key contains a logical MDX expression that identifies contingent-readable cells for the users assigned to the Role object. If no MDX expression is specified for the Role object, an empty string is returned.

    This key is for use only with objects of ClassType clsCubeRole.

  • CellWrite
    The CellWrite key contains a logical MDX expression that identifies writable cells for the users assigned to the Role object. If no MDX expression is specified for the Role object, an empty string is returned.

    This key is for use only with objects of ClassType clsCubeRole.

  • Dimension:<dimension name>
    The Dimension key is used to specify dimension security options on a dimension, using a string value containing XML syntax. The syntax for the key includes the name of the dimension that will be secured by the role object. The Dimension key contains XML syntax that defines the read and write access of the members for the dimension. If no dimension security options are specified for the Role object, an empty string is returned.

    The XML syntax for the return value is detailed here:

    <MEMBERSECURITY
       [ IsVisible="<Boolean_string>"]
       [ DefaultMember="<allowed_member>"]
       [ VisualTotalsLowestLevel="<level_expression>"
    >
       <PERMISSION Access="Read"
          [ UpperLevel="<level_expression>"]
          [ LowerLevel="<level_expression>"]
          [ AllowedSet="<set_expression>"]
          [ DeniedSet="<set_expression>"]
          [ Description="<desc>"]
       />
       <PERMISSION Access="Write"
          [ UpperLevel="<level_expression>"]
          [ AllowedSet="<set_expression>"]
          [ Description="<desc>"]
       />
    </MEMBERSECURITY>
    

    The <Boolean_string> value can contain either "True" or "False". The <allowed_member> value contains the name of a single read-enabled member. The <level_expression> contains an MDX expression that returns a single level. The <set_expression> value contains an MDX expression that returns a set of members. The <desc> value contains a free-form text description of the permission.

    This key is for use only with objects of ClassType clsDatabaseRole and ClassType clsCubeRole.

Example

Use the following code to return a role object's permission string:

Dim strPerms As String
strPerms = RoleObject.Permissions("Access")