By default, all roles assigned to the data model can see all hierarchies in the data model.
- Enable: Once a role is enabled for a specified hierarchy, it is also disabled for all other hierarchies; the role will only have access whichever hierarchies have been manually enabled.
- Disable: However, when a role is disabled for a selected hierarchy, the role remains enabled for all other hierarchies; the role will have access to all hierarchies in the data model, except those that for which it has been manually disabled.
Since attribute level security controls the selection of columns from a dimension (or table), it is sometimes referred to as "column level" security, because it allows developers to effectively control each column of data presented to end users. This is different to row level security.
Select the data model and open the Model Settings tab.
- Select a role from the Roles panel on the left.
- Select Enabled or Disabled from the drop down.
- Enable: enable the given hierarchies and disable hierarchies that are not selected for the given role.
- Disable: disable the given hierarchies, and leave the unselected hierarchies enabled for the selected role.
- From the Attribute Security panel, select the required hierarchies.
- Click Apply to save changes.
In the image below, the Education hierarchy is enabled for role 1; all other hierarchies will be disabled for this role:
In the example below, the Education hierarchy is disabled for the Samples role; all other hierarchies will remain enabled for this role: