Essbase system privileges are indivisible database access types. In MaxL, privileges are grouped together to form permission-sets called roles. With the exception of create_user and create_application, privileges themselves are not grantable using MaxL; you typically grant roles, which are the equivalent of privilege levels. The scope of a role can be the system, the application, or the database.
While one privilege does not imply another, roles are hierarchical. The following table illustrates the Essbase system privileges that are contained in each MaxL system role.
| Privileges and Roles | read | write | calculate | manage database | create database | start application | manage application | create/drop application | create/drop user |
|---|---|---|---|---|---|---|---|---|---|
| no access | . | . | . | . | . | . | . | . | . |
| read |  | . | . | . | . | . | . | . | . |
| write | | | . | . | . | . | . | . | . |
| execute | | | | . | . | . | . | . | . |
| manager (database) | | | | | . | . | . | . | . |
| manager (application) | | | | | | | | . | . |
| administrator | | | | | | | | | |