MicroStrategy ONE

Add Group ACE statement

Adds a new ACE (Access Control Entry) to a user group's ACL (Access Control List).

Copy 
ADD ACE FOR GROUP "ace_group_name" (USER "user_name" | GROUP "group_name") ACCESSRIGHTS 
 (VIEW | MODIFY | FULLCONTROL | DENIEDALL | DEFAULT | CUSTOM [GRANTgrant_accessright1 [, 
 ... grant_accessrightN]] 
 [DENY deny_accessright1 [, 
 ... deny_accessrightN]]) 
 CHILDRENACCESSRIGHTS (VIEW | MODIFY | FULLCONTROL | DENIEDALL | DEFAULT 
 | CUSTOM [GRANT grant_accessright1  [, 
 ... grant_accessrightN]] 
 [DENY deny_accessright1 [, 
 ... deny_accessrightN]]);

where:

  • GROUP "ace_group_name" is the name of the group for which an ACE is to be added, of type string.

  • USER "user_name" is the login name of the user to be assigned to the new ACE, of type string.

  • GROUP "group_name" is the login name of the group to be assigned to the new ACE, of type string.

  • ACCESSRIGHTS indicates what access rights to grant or deny:

    • VIEW grants View rights: BROWSE, READ, USE, EXECUTE.

    • MODIFY grants Modify rights: BROWSE, READ,WRITE, DELETE, USE, EXECUTE.

    • FULLCONTROL grants all rights.

    • DENIEDALL explicitly denies all rights.

    • DEFAULT neither grants nor denies rights; all rights are inherited from groups.

    • CUSTOM allows you to specify which rights are granted and denied:

      • GRANT grant_accessright1..N is the access right (or list of access rights) to be granted to/from the ACE, from the following list: BROWSE, READ, WRITE, DELETE, CONTROL, USE, EXECUTE.

      • DENY deny_accessright1..N is the access right (or list of access rights) to be denied to/from the ACE, from the following list: BROWSE, READ, WRITE, DELETE, CONTROL, USE, EXECUTE.

  • CHILDRENACCESSRIGHTS indicates what access rights to grant or deny to this group's children, as for ACCESSRIGHTS.

Example

Copy 
>ADD ACE FOR GROUP "Managers" USER "PChang" 
 ACCESSRIGHTS FULLCONTROL CHILDRENACCESSRIGHTS MODIFY;