SetPermissions (Role Interface)
Note
This feature will be removed in the next version of Microsoft SQL Server. Do not use this feature in new development work, and modify applications that currently use this feature as soon as possible.
The SetPermissions method of the Role interface sets role permissions for a given key.
Applies To:clsCubeRole, clsDatabaseRole, clsMiningModelRole
Syntax
bRet = object.SetPermissions(ByVal Key As String, ByVal PermissionExpression As String)
Parameters
bRet
A Boolean variable that receives the completion status of the operation: True if it was completed successfully, False otherwise.object
The role object on which to set permissions.Key
String containing the permission key.PermissionExpression
String containing the permission expression for the corresponding key.
Remarks
The Permissions property contains nine permissions keys. The meaning of each key and its possible PermissionExpression string values follow:
Access
The Access key indicates what type of access the users assigned to the Role object have to the entire cube. Valid PermissionExpression values for the key are listed in the following table.Value
Description
R
The members of this role have read-only access to the cube. (Default)
RW
The members of this role have read/write access to the cube.
This key is for use only with objects of ClassType clsCubeRole.
AllowDrillThrough
The AllowDrillThrough key indicates whether the users assigned to the Role object can execute drillthrough queries on the cube.Value
Description
True
Drillthrough is allowed on this cube for members of this role.
False
Drillthrough is not allowed on this cube for members of this role. (Default)
This key is for use only with objects of ClassType clsCubeRole.
AllowLinking
The AllowLinking key indicates whether the users assigned to the Role object are allowed to link to the cube. Setting this property to False prevents users from creating linked cubes based on the cube.Value
Description
True
Linking is allowed to this cube for members of this role. (Default)
False
Linking is not allowed to this cube for members of this role.
This key is for use only with objects of ClassType clsCubeRole.
AllowSQLQueries
The AllowSQLQueries key indicates whether the users assigned to the Role object are allowed to execute SQL SELECT queries against the cube. Setting this property to False prevents users from creating local cubes based on the cube or viewing cube data using an SQL SELECT statement.Value
Description
True
SQL queries are allowed on this cube for members of this role. (Default)
False
SQL queries are not allowed on this cube for members of this role.
This key is for use only with objects of ClassType clsCubeRole.
EnforcementLocation
The EnforcementLocation key indicates whether security for the users assigned to the Role object is enforced on the server or on the client application.Value
Description
Client
Security is enforced on the client application for members of this role. (Default)
Server
Security is enforced on the server for members of this role.
This key is for use only with objects of ClassType clsDatabaseRole and ClassType clsCubeRole. If set on a database role object, the PermissionExpression value becomes the default value for all cube roles contained in the database.
CellRead
The CellRead key identifies visible, readable cells for the users assigned to the Role object. The PermissionExpression value contains a logical Multidimensional Expressions (MDX) expression, to be evaluated against a cell.This key is for use only with objects of ClassType clsCubeRole.
CellReadContingent
The CellReadContingent key identifies contingent-readable cells for the users assigned to the Role object. The PermissionExpression value contains a logical MDX expression, to be evaluated against a cell.This key is for use only with objects of ClassType clsCubeRole.
CellWrite
The CellWrite key identifies writable cells for the users assigned to the Role object. The PermissionExpression value contains a logical MDX expression, to be evaluated against a cell. A writable cell is considered readable by default.This key is for use only with objects of ClassType clsCubeRole.
Dimension:<dimension name>
This key is used to specify dimension security options on a dimension, using a string value containing XML syntax. The syntax for the key includes the name of the dimension that will be secured by the role object. This key can be set for objects of ClassType clsDatabaseRole and ClassType clsCubeRole. If set on a database role object, the PermissionExpression value becomes the default value for all cube roles contained in the database.The XML syntax for the PermissionExpression value is detailed here:
<MEMBERSECURITY [ IsVisible="<Boolean_string>"] [ DefaultMember="<allowed_member>"] [ VisualTotalsLowestLevel="<level_expression>" > <PERMISSION Access="Read" [ UpperLevel="<level_expression>"] [ LowerLevel="<level_expression>"] [ AllowedSet="<set_expression>"] [ DeniedSet="<set_expression>"] [ Description="<desc>"] /> <PERMISSION Access="Write" [ UpperLevel="<level_expression>"] [ AllowedSet="<set_expression>"] [ Description="<desc>"] /> </MEMBERSECURITY>
The <Boolean_string> value can contain either "True" or "False". The <allowed_member> value contains the name of a single read-enabled member. The <level_expression> contains an MDX expression that returns a single level. The <set_expression> value contains an MDX expression that returns a set of members. The <desc> value contains a free-form text description of the permission.
Example
Use the following code to set permissions on an object of ClassType clsCubeRole:
'Assume an object (dsoCubeRole) of ClassType clsCubeRole exists
'Set a read-only permission
dsoCubeRole.SetPermissions "Access", "R"
'Set a read-write permission
dsoCubeRole.SetPermissions "Access", "RW"