The following subset of database-level system roles may be granted or revoked using filters.
no_access—No access to the database.
read—Read-only access to the database. Read access means ability to view files, retrieve data values, and run report scripts.
write—Write access to the database. Write access means ability to update data values, in addition to having Read access.
meta_read—Restricted access to sibling and ancestral metadata (dimensions and members). In case of a filtering conflict, the MetaRead filtering overrides the other filter permissions. For more information about metatdata filtering, see Metadata Filtering.
Note: | After granting permissions using a filter, the permission can be revoked by subsequently granting no_access to the database. However, to prevent users from being able to load the application, you should also grant no_access at the application level. For example: |
/* Grant read permission on a database, using a filter */ grant filter Sample.basic.filter8 to user1; /* Revoke the filter, removing read permission on the database */ grant no_access on database Sample.Basic to user1; /* Revoke read permission at the application level, to remove application-startup permission */ grant no_access on application Sample to user1;