Applies data security to hierarchy members
Sets member-level security on a specific attribute hierarchy in a specific data model for the given role.
Method
/API3/dataSources/addMembersSecurity
- API Section: /API3/dataSources
- API Version: 3.0
- From Release: 2023.10
- Usage: REST API and Client SDK libraries. REST APIs via POST actions only.
- Usage by:
- Enterprise Admin
Method Signature
Input Parameters
Name
membersSecurityObject
Object Type
MembersSecurityApiObjectDescription
The details of the security settings for the hierarchy's member elements.
Output Response
Successful Result Code
200
Response Type
Description of Response Type
Generic API response object with success or failure flag and related messages.
Notes
Security settings can only be applied either by specific member name (as a list) or via a PQL logical 'script' that generates a list of member elements. The function should be supplied with either member listing or script. NOT BOTH.
Examples
Setting Data Model Security (JavaScript):
This example demonstrates how to set hierarchy, measure adn member level security in a data model programmatically.
The example uses API authentication driven from JavaScript. See Authentication APIs for alternatives.
// URL of the Pyramid installation and the path to the API 3.0 REST methods
var pyramidURL = "http://mysite.com/api3/";
// step 1: authenticate admin account and get token
// NOTE: callApi method is a generic REST method shown below.
let token = callApi("authentication/authenticateUser",{
"userName":"adminUser",
"password":"abc123!"},
"",false);
log("got token "+token);
//get database's system ID
let databaseId = database[0].itemId
//step 2: find model by name for the chosen database
let model= callApi("dataSources/findModelConnection",{
"serverSearchCriteria":{
"searchValue":"Pyramid IMDB"
},
"databaseSearchCriteria":{
"searchValue":"PyramidDemo"
},
"modelSearchCriteria":{
"searchValue":"PyramidDemo"
}
},token);
//get model's system ID
let modelId = model[0].modelId
//step 3: find role by name
let role= callApi("access/findRoles",{
"searchValue":"role 1"
},token);
//get role's system ID
let roleId = role[0].roleId
//step 4A: adding member security to the model by specific selection
// set this role to see 2009 and 2010 (and by definition hide any other year)
let addMembersSecurityToModel= callApi("dataSources/addMembersSecurity",{
"modelId":modelId,
"roleId":roleId,
"enableMode": true,
"hierarchyUniqueName": "[Date].[year]", //this is the unique name of the parent hierarchy
"members":["2009", "2010"] //list of members (using their captions)
},token);
//step 4B: adding member security to the model by script
// set this role to see any country where the non empty cross join
// to the 'user' column in the 'security' table matches the logged in user's username (using the username function)
let addMembersSecurityToModel= callApi("dataSources/addMembersSecurity",{
"modelId":modelId,
"roleId":roleId,
"enableMode": true,
"hierarchyUniqueName": "[Geography].[Country]", //this is the unique name of the parent hierarchy
"script":"NonEmpty([Geography].[Country].AllMembers, {StrToMember([Security].[User],UserName())})" //logical PQL script for defining a list of members
},token);
//step 4C: adding member security to the model by script
// set this role to see any records in the model where it is inherently filtered (inner joined)
// against the value of the currently logged in user's name in the 'userIds' column in the 'Org' table (from the username function)
let addMembersSecurityToModel= callApi("dataSources/addMembersSecurity",{
"modelId":modelId,
"roleId":roleId,
"enableMode": true,
"hierarchyUniqueName": "[Security].[User]", //this is the unique name of the parent hierarchy
"script":"StrToMember([Org].[UserIds],UserName())" //logical PQL script for defining a list of members
},token);
//step 5: adding hierarchy security to the model
// set this role to NOT see the state hierarchy in the customer dimension/table
let addHierarchySecurityToModel= callApi("dataSources/addHierarchySecurity",{
"modelId":modelId,
"roleId":roleId,
"enableMode": false,
"uniqueNames": ["[Customer].[State]"] //this is the unique name of the hierarchy, in a list
},token);
//step 6: adding measure security to the model
// set this role to see the the cost measure in the model (and by definition to hide all other measures)
let addMeasureSecurityToModel= callApi("dataSources/addMeasureSecurity",{
"modelId":modelId,
"roleId":roleId,
"enableMode": true,
"uniqueNames": ["[measures].[Cost]"] //this is the unique name of the measure, in a list
},token);
// ##### optional generic login method for debugging ##############
function log(msg){
document.write(msg);
console.log(msg);
}
// ##### generic REST API calling method ##############
function callApi(path,data,token="",parseResult=true){
var xhttp = new XMLHttpRequest();
xhttp.open("POST", pyramidURL+path, false);
xhttp.setRequestHeader("paToken",token)
xhttp.send(JSON.stringify(data));
if(parseResult){
return JSON.parse(xhttp.responseText);
}else{
return xhttp.responseText;
}
}
Code Snippets
Use the Authentication API methods to generate an access 'key' or 'token' for use in code as shown below.
TypeScript
Curl
Java
C#
Python
PHP
curl -X POST \
-H "paToken: [[apiKey]]" \
-H "Accept: application/json,application/json;charset=utf-8,text/plain,text/plain;charset=utf-8" \
-H "Content-Type: application/json" \
"http://Your.Server.URL/API3/dataSources/addMembersSecurity" \
-d '{
"enableMode" : true,
"modelId" : "modelId",
"roleId" : "roleId",
"members" : [ "members", "members" ],
"script" : "script",
"visualTotals" : true,
"hierarchyUniqueName" : "hierarchyUniqueName"
}'
import com.pyramidanalytics.*;
import com.pyramidanalytics.auth.*;
import com.pyramidanalytics.model.*;
import com.pyramidanalytics.api.DataSourcesServiceApi;
import java.util.*;
import java.time.*;
public class DataSourcesServiceApiExample {
public static void main(String[] args) {
ApiClient defaultClient = Configuration.getDefaultApiClient();
defaultClient.setBasePath("http://Your.Server.URL/");
// Configure API key authorization: paToken
ApiKeyAuth paToken = (ApiKeyAuth) defaultClient.getAuthentication("paToken");
paToken.setApiKey("YOUR API KEY");
// Uncomment the following line to set a prefix for the API key, e.g. "Token" (defaults to null)
//paToken.setApiKeyPrefix("Token");
// Create an instance of the API class
DataSourcesServiceApi apiInstance = new DataSourcesServiceApi();
// Initialize the membersSecurityObject parameter object for the call
MembersSecurityApiObject membersSecurityObject = ; // Create the input object for the operation, type: MembersSecurityApiObject
try {
ModifiedItemsResult result = apiInstance.addMembersSecurity(membersSecurityObject);
System.out.println(result);
} catch (ApiException e) {
System.err.println("Exception when calling DataSourcesServiceApi#addMembersSecurity");
e.printStackTrace();
}
}
}
import * as PyramidAnalyticsWebApi from "com.pyramidanalytics";
// Create an instance of the API class
const api = new PyramidAnalyticsWebApi.DataSourcesServiceApi("http://Your.Server.URL")
// Configure API key authorization: paToken
api.setApiToken("YOUR API KEY");
const membersSecurityObject = ; // {MembersSecurityApiObject}
api.addMembersSecurity(membersSecurityObject).then(function(data) {
console.log('API called successfully. Returned data: ' + data);
}, function(error) {
console.error(error);
});
using System;
using System.Diagnostics;
using PyramidAnalytics.Sdk.Api;
using PyramidAnalytics.Sdk.Client;
using PyramidAnalytics.Sdk.Model;
public class addMembersSecurityExample
{
public static void Main()
{
Configuration conf = new Configuration();
conf.BasePath = "http://Your.Server.URL/";
// Configure API key authorization: paToken
conf.ApiKey.Add("paToken", "YOUR_API_KEY");
// Uncomment below to setup prefix (e.g. Bearer) for API key, if needed
// conf.ApiKeyPrefix.Add("paToken", "Bearer");
GlobalConfiguration.Instance = conf;
// Create an instance of the API class
var apiInstance = new DataSourcesServiceApi();
// Initialize the membersSecurityObject parameter object for the call
var membersSecurityObject = new MembersSecurityApiObject(); // MembersSecurityApiObject |
try {
// Sets member-level security on a specific attribute hierarchy in a specific data model for the given role.
ModifiedItemsResult result = apiInstance.addMembersSecurity(membersSecurityObject);
Debug.WriteLine(result);
} catch (Exception e) {
Debug.Print("Exception when calling DataSourcesServiceApi.addMembersSecurity: " + e.Message );
}
}
}
import com.pyramidanalytics
from com.pyramidanalytics import ApiException
from com.pyramidanalytics import DataSourcesServiceApi
from pprint import pprint
# Configure API key authorization: paToken
api_config = com.pyramidanalytics.Configuration(host = 'http://Your.Server.URL/', api_key={ paToken:'YOUR_ACCESS_TOKEN' })
with com.pyramidanalytics.ApiClient(api_config) as api_client:
# Create an instance of the API class
api_instance = DataSourcesServiceApi(api_client)
# Initialize the membersSecurityObject parameter object for the call
membersSecurityObject = # MembersSecurityApiObject |
try:
# Sets member-level security on a specific attribute hierarchy in a specific data model for the given role.
api_response = api_instance.add_members_security(membersSecurityObject)
pprint(api_response)
except ApiException as e:
print("Exception when calling DataSourcesServiceApi->addMembersSecurity: %s\n" % e)<?php
require_once(__DIR__ . '/vendor/autoload.php');
OpenAPITools\Client\Configuration::getDefaultConfiguration()->setHost('http://Your.Server.URL');
// Configure API key authorization: paToken
OpenAPITools\Client\Configuration::getDefaultConfiguration()->setApiKey('paToken', 'YOUR_API_KEY');
// Uncomment below to setup prefix (e.g. Bearer) for API key, if needed
// OpenAPITools\Client\Configuration::getDefaultConfiguration()->setApiKeyPrefix('paToken', 'Bearer');
// Create an instance of the API class
$api_instance = new OpenAPITools\Client\Api\DataSourcesServiceApi();
$membersSecurityObject = ; // MembersSecurityApiObject |
try {
$result = $api_instance->addMembersSecurity($membersSecurityObject);
print_r($result);
} catch (Exception $e) {
echo 'Exception when calling DataSourcesServiceApi->addMembersSecurity: ', $e->getMessage(), PHP_EOL;
}
?>