ContextQMD
Back to Cube

Access Control

docs-mintlify/docs/data-modeling/access-control/index.mdx

1.6.431.6 KB
Original Source

Access control

Access control in Cube involves authentication and authorization.

Authentication

Authentication determines if a user can access Cube.

  • Cube cloud platform provides built-in authentication mechanisms. Users are assigned roles and permissions that determine available features of the Cube platform.
  • Cube Core provides several authentication methods for its API endpoints.

Authorization

Authorization determines what data a user can access though Cube.

Authorization is managed declaratively via access policies, a built-in capability of Cube's data modeling layer. There are also programmatic controls for advanced use cases, such as the query_rewrite configuration parameter.

  • Cube cloud platform applies access policies to users based on their groups and attributes.
  • Cube Core applies access policies to users based on their groups derived from the security context. See the context_to_groups configuration parameter for details.