A thought experiment on writing rules for a cell security cube.
Usually we restrict the dimensionality in such a cube to the bare minimum, including Scenario / Version / Year / Period / Company / Measure.
We could have cube security for the main cube, element security on several dimensions, and cell security.
Also, often, we have a securty parameter cube where admin users can open or close periods for certain scenario/version combinations, or lock a scenario/version for all periods.
Let's assume we have empty cells, or NONE, or READ, or WRITE. Incidentally, these are in alphabetical order and also with increasing access to the objects.
I was thinking if the alphabetical order can play a role in our rules on the cell security cube. For example, here is a 2D test cube. Each column is a different 'comparison'. Like, S1 refers to CubeSecurity, and S2 refers to rights from the securtity parameter cube. Then we compare the cell contents:
Code: Select all
['S3'] = S: If( DB( 'test', !temp, 'S1' ) @<= DB( 'test', !temp, 'S2' ),
DB( 'test', !temp, 'S1' ),
DB( 'test', !temp, 'S2' ));
Or do you use the approach with }CubeSecurityProperties:
Any thoughts ?