Attribute Security

Admins can set role security on specific hierarchies for a given data model. This allows admins to determine which roles should and shouldn't have VISIBLE access to specified hierarchies in the data model, which is an important aspect of governance.

By default, all roles assigned to the data model can see all hierarchies in the data model.

  • Enable: Once a role is enabled for a specified hierarchy, it is also disabled for all other hierarchies; the role will only have access whichever hierarchies have been manually enabled.
  • Disable: However, when a role is disabled for a selected hierarchy, the role remains enabled for all other hierarchies; the role will have access to all hierarchies in the data model, except those that for which it has been manually disabled.

Column Level Security

Since attribute level security controls the selection of columns from a dimension (or table), it is sometimes referred to as "column level" security, because it allows developers to effectively control each column of data presented to end users. This is different to row level security.

Setting Security for Hierarchies

Select the data model and open the Model Settings tab.

  1. Select a role from the Roles panel on the left.
  2. Select Enabled or Disabled from the drop down.
    • Enable: enable the given hierarchies and disable hierarchies that are not selected for the given role.
    • Disable: disable the given hierarchies, and leave the unselected hierarchies enabled for the selected role.
  3. From the Attribute Security panel, select the required hierarchies.
  4. Click Apply to save changes.

In the image below, the Education hierarchy is enabled for role 1; all other hierarchies will be disabled for this role:

In the example below, the Education hierarchy is disabled for the Samples role; all other hierarchies will remain enabled for this role: