Access control

Access control in Cube involves authentication and authorization.

Authentication

Authentication determines if a user can access Cube.

Cube cloud platform provides built-in authentication mechanisms. Users are assigned roles and permissions that determine available features of the Cube platform.
Cube Core provides several authentication methods for its API endpoints.

Authorization

Authorization determines what data a user can access though Cube.

Authorization is managed declaratively via access policies, a built-in capability of Cube's data modeling layer. There are also programmatic controls for advanced use cases, such as the query_rewrite configuration parameter.

Cube cloud platform applies access policies to users based on their groups and attributes.
Cube Core applies access policies to users based on their groups derived from the security context. See the context_to_groups configuration parameter for details.

Joining data from multiple data sources Access policies