1. Scripting Reference for Oracle Essbase
  2. MaxL
  3. MaxL Definitions
  4. Privileges and Roles
  5. Database-Level System Roles

Database-Level System Roles

Database-level system roles are access permissions applicable to Essbase cubes. Minimum permissions can be set at the application or cube level, affecting all users and groups. Permissions can also be granted to individual users or groups, if Essbase uses EPM Shared Services security mode.

Minimum Cube Permissions

Database-level system roles are minimum access permissions you can set for Essbase cubes. The following roles have a database-wide scope and are available when assigning minimum database permissions:


Database system roles that are settable as minimum cube permission include no_access, read, write, execute, and manager

  • no_access—No access to the cube (if assigned using alter database) or to any cubes in the application (if assigned using alter application).

  • read—Read-only access to the cube (if assigned using alter database) or to all cubes in the application (if assigned using alter application). Read access means ability to view files, retrieve data values, and run report scripts.

  • write—Write access to the cube (if assigned using alter database) or to all cubes in the application (if assigned using alter application). Write access means ability to update data values, in addition to having Read access.

  • execute—Calculate access to the cube (if assigned using alter database) or to all cubes in the application (if assigned using alter application). Calculate access means ability to update data values, in addition to having Read and Write access.

  • manager—Manager access to the cube (if assigned using alter database) or to all cubes in the application (if assigned using alter application). Manager access means ability to modify cube outlines, in addition to having Read and Write access.

Permissions Grantable to Users and Groups

The following database-level system roles are available for granting to users and groups, only if Essbase uses EPM Shared Services security mode.


Database system roles that are settable as minimum cube permission include no_access, read, write, and manager

  • no_access—No access to the cube.

  • read—Read-only access to the cube. Read access means ability to view files, retrieve data values, and run report scripts.

  • write—Write access to the cube. Write access means ability to update data values, in addition to having Read access.

  • manager—Manager access to the cube. Manager access means ability to modify cube outlines, in addition to having Read and Write access.