除了默认角色,每个多维数据集还有一个默认策略。
In addition to the default role, each cube has a default policy.
要限制角色可以访问的一个维度的多维数据集和成员,需要设计和部署一个安全模型。
To limit the cubes and members of a dimension that a role can access, you need to design and deploy a security model.
默认情况下,如果角色有权访问一个多维数据集,那么它也有权访问一个维度的所有成员。
A role that is allowed to access a cube is allowed to access all the members of a dimension by default.
默认角色和默认策略共同构成默认授权:多维数据集上针对没有显式访问规则的用户的隐式访问规则。
Together, the default role and default policy make up the default authorization: the implicit rule of access on the cube for users with no explicit rule of access.
和多维数据集一样,每个维度都有一个默认角色和策略。
Just as each cube has a default role and policy, each dimension has a default role and policy.
注意,分配了AllDenied策略的角色不会访问多维数据集的任何单元,因为该角色不能沿维度的任何成员分割多维数据集。
Note that any role that is assigned the All Denied policy will not have access to any cells of the cube, because the role cannot slice the cube along any member of the dimension.
AdministrationConsole提供两个视图查看存储库中的安全元数据:一个按多维数据集查看,另一个按角色查看。
The Administration Console provides two different views of the security metadata in the repository: one by cube and the other by role.
注意,图7中出现了一个名为defaultRole的角色。如果用户不属于在多维数据集上具有显式授权的角色,则该用户被视为默认角色的成员。
Note that a role called default role appears in Figure 7. Users who do not belong to a role with explicit authorization on the cube are considered to be members of the default role.
注意,图7中出现了一个名为defaultRole的角色。如果用户不属于在多维数据集上具有显式授权的角色,则该用户被视为默认角色的成员。
Note that a role called default role appears in Figure 7. Users who do not belong to a role with explicit authorization on the cube are considered to be members of the default role.
应用推荐