Access control

Access control in Cube involves authentication and authorization.

Authentication

Authentication determines if a user can access Cube.

• Cube cloud platform provides built-in authentication mechanisms. Users are assigned roles and permissions that determine available features of the Cube platform.
• Cube Core provides several authentication methods for its API endpoints.

Authorization

Authorization determines what data a user can access though Cube.

Authorization is managed declaratively via access policies, a built-in capability of Cube's data modeling layer. There are also programmatic controls for advanced use cases, such as the query_rewrite configuration parameter.

• Cube cloud platform applies access policies to users based on their groups and attributes.
• Cube Core applies access policies to users based on their groups derived from the security context. See the context_to_groups configuration parameter for details.