Permissions on Cubes for Groups of Local Users

You can grant runtime permissions on published cubes to AtScale groups that consist of locally-authenticated users.

About this task

Runtime permissions allow users to query published cubes from client BI software and to create tables from SELECT statements on cubes. You can grant these permissions to groups of AtScale users who are managed by means of AtScale's embedded LDAP server. By granting these permissions to groups, you can grant them to multiple users at a time.

The runtime permissions allow users in the groups to query published versions of a cube and to create tables from SELECT statements on published versions of a cube. The tables are created in your data warehouse.

  • If you are using Google BigQuery, the tables are created directly in BigQuery.
  • If you are using a Hadoop cluster, the tables are created in the Hive metastore.


Use AtScale's local directory service for testing only. Do not use it in production environments. This directory service is not meant to support the types of workloads that are common to production environments. Before using AtScale in production, configure your AtScale organization to use an external directory service, such as Microsoft Active Directory, another LDAP service, or Google G Suite Directory.

Before you begin


  1. In the main navigation bar, click Projects.

  2. Click the project you want to modify, then click the cube you want to edit permissions for.

  3. On the cube page, select Security > Runtime Permissions. The Cube Runtime Permissions dialog box opens.

  4. Enable the Restrict Access toggle.

  5. Optionally, enable the Enforce Restricted Access to Simple & Calculated Measures toggle.

  6. In the Groups list, expand the groups you want to set permissions for, and enable/disable the following permissions as needed.

    Runtime PermissionDescription
    Create Table as Select (CTAS)Users can issue SELECT statements against the cube and write the results back to the data warehouse as a new table.
    QueryUsers can issue SELECT statements against the cube.
    Access All MeasuresOnly available when Enforce Restricted Access to Simple & Calculated Measures is enabled. When selected, users can access all measures in the cube.

    Alternatively, you can configure access to specific measures by selecting the checkboxes next to the folders and individual measures in the list. You can also use the text box to filter for specific measures, then click the Check All Displayed button to enable access to just the matching measures.

    Note: This functionality is not availale for secondary metrical attributes.
  7. Click Save.


You must publish the cube for any changes to its runtime permissions to take effect.