POLICYTITLE = "Restricted Data And Catalogs". /* Same as "Default Policy", but provides protection on catalogs (and other objects) defined as restrictedObject. */ /* Only specialUser can access restrictedObject. */ /* guestuser or users that are not logged in can browse and search metadata. */ /* authorisedUser can perform statistical operations on studies and cubes and create/delete derived variables. */ /* fullauthorisedUser can download data or subsets of data. */ /* publisher can publish metadata and data. */ /* administrator can perform any operation. */ HIERARCHY USERS guestuser. authorisedUser. specialUser EXTENDS authorisedUser. fullauthorisedUser EXTENDS authorisedUser. publisher EXTENDS fullauthorisedUser, specialUser. administrator EXTENDS publisher. END HIERARCHY OBJECTS common.Server. common.Statement. faster.Catalog. faster.Cube. faster.Study. faster.Variable. restrictedObjects. /* The next line when uncommented will restrict access to the catalog with id "Catalog1" */ /* "Catalog1" is faster.Catalog, restrictedObjects. */ END HIERARCHY PROJECTS END HIERARCHY PURPOSES END HIERARCHY USE access. analize EXTENDS access. Breakdown EXTENDS analize. Correlation EXTENDS analize. CreateDerivedVariable EXTENDS analize. Datalist EXTENDS analize. Descriptive EXTENDS analize. Frequency EXTENDS analize. GFrequency EXTENDS analize. MultipleRegression EXTENDS analize. Tabulation EXTENDS analize. XBreak EXTENDS analize. GetDerivedVariable EXTENDS analize. GetDerivedVariables EXTENDS GetDerivedVariable. browse EXTENDS access. FindDDIVariables EXTENDS browse. GetBackVersionClient EXTENDS browse. GetBackVersionPublisher EXTENDS browse. GetDDI EXTENDS browse. GetDDISkeleton EXTENDS browse. GetDDIVariable EXTENDS browse. GetFileURL EXTENDS browse. GetHome EXTENDS browse. GetVersion EXTENDS browse. GetWeightVariables EXTENDS browse. Login EXTENDS browse. Subscribe EXTENDS browse. SubscribeResource EXTENDS Subscribe. SubscribeResourceFromClient EXTENDS Subscribe. Unsubscribe EXTENDS Subscribe. UnsubscribeResource EXTENDS Subscribe. UnsubscribeUser EXTENDS Subscribe. retrieve EXTENDS browse. toRDF EXTENDS retrieve. see EXTENDS retrieve. basicObjRDF EXTENDS see. search EXTENDS access. FastQuery EXTENDS search. PathsTo EXTENDS search. Query EXTENDS search. RangeQuery EXTENDS search. admin. Reboot EXTENDS admin. SaveFile EXTENDS admin. SaveWebFile EXTENDS admin. Shutdown EXTENDS admin. Update EXTENDS admin. download. Subset EXTENDS download. modify. GetOrphans EXTENDS modify. Import EXTENDS modify. ImportBy EXTENDS modify. publish EXTENDS modify. AddDataFile EXTENDS publish. AddDataFileBy EXTENDS publish. AddDataset EXTENDS publish. ModifySchedule EXTENDS publish. PublishFile EXTENDS publish. addCube EXTENDS publish. addStudy EXTENDS publish. create EXTENDS publish. setAccessConditions EXTENDS publish. setDocAuthEntity EXTENDS publish. Delete EXTENDS modify. Remove EXTENDS Delete. RemoveStatement EXTENDS Delete. GetReport. GetFile. END RULES administrator CAN use objects. publisher CAN use objects UNLESS action=admin. /* users can search catalogs and studies */ users CAN search faster.Catalog. users CAN search faster.Study. users CAN PathsTo common.Server. /* users can browse metadata */ users CAN browse objects. /* authorised users can access (analyze) objects */ authorisedUser CAN access objects. /* authorised users can query cubes */ authorisedUser CAN Query faster.Cube. /* full authorised users can download objects or part of them*/ fullauthorisedUser CAN download objects. /* authorised users can modify statements: this rules is needed for cube publishing */ authorisedUser CAN use common.Statement UNLESS action=Delete. /* publisher users can create objects */ publisher CAN publish objects. /* users can use objects created by themselves */ users CAN use objects IF objects/creator = user/id. /* only specialUser can use objects of type restrictedObjects **/ users CAN use restrictedObjects ONLY IF user = specialUser.