Fine grain security for analytic data sets

What is claimed is: 1 . A method including: extracting fields of data from secured, primary database sources on a batch basis and compiling the fields into analytical, read-only databases; and assigning field level security to the extracted fields by combining user selectable inheritance of field level security from source fields that yield the extracted fields, with pinning of inheritance of field level security for the extracted fields to reference fields in the database sources, wherein the reference fields are distinct from the extracted fields. 2 . The method of claim 1 , further including: receiving additional fields as unsecured data sets; and assigning field level security to the additional fields received by combining user selectable explicit specification of field level security for the received fields, with pinning of inheritance of field level security for the received fields to reference fields in the database sources wherein the reference fields are distinct from the extracted fields. 3 . The method of claim 1 , wherein the user selectable assigning of field level security further includes: assigning field level security by overriding inheritance of field level security from the extracted fields with explicit specification of field level security. 4 . The method of claim 1 , wherein the analytical, read-only databases implement response times of under two seconds when searching over twenty million records and compiling aggregate statistics from selected records. 5 . The method of claim 1 , further including: calculating a new field from data in two or more fields in the primary database sources; and calculating field level security in the new field based on a combination of field level security settings in the two or more fields. 6 . The method of claim 1 , further including: joining data from two or more objects in the primary database sources; and calculating field level security in one or more of the fields in the joined data based on a combination of field level security settings in the two or more objects. 7 . The method of claim 1 , further including: flagging user-selected reference fields in the database sources as a basis for the pinning; and causing display of a user interface that lists the flagged reference fields and enables user pinning of the extracted fields to the reference fields. 8 . The method of claim 1 , further including a specification for extracting the fields of data that includes an advanced search comprising a user-entered string recognized as a field to which the user does not have field level access and treating the recognized string as not recognized. 9 . The method of claim 1 , further including caching current values of the field level security for the fields in the analytical read-only database for a limited time of one of 5-10 minutes, before querying for an update to the current values. 10 . A system including at least one server comprising one or more processors and memory, coupled to the processors, containing computer instructions that, when executed on the processors, cause the system to implement a process that includes: extracting fields of data from secured, primary database sources on a batch basis and compiling the fields into analytical, read-only databases; and assigning field level security to the extracted fields by combining user selectable inheritance of field level security from source fields that yield the extracted fields, with pinning of inheritance of field level security for the extracted fields to reference fields in the database sources, wherein the reference fields are distinct from the extracted fields. 11 . The system of claim 10 , further including: receiving additional fields as unsecured data sets; and assigning field level security to the additional fields received by combining user selectable explicit specification of field level security for the received fields, with pinning of inheritance of field level security for the received fields to reference fields in the database sources wherein the reference fields are distinct from the extracted fields. 12 . The system of claim 10 , wherein the user selectable assigning of field level security further includes: assigning field level security by overriding inheritance of field level security from the extracted fields with explicit specification of field level security. 13 . The system of claim 10 , wherein the analytical, read-only databases implement response times of under two seconds when searching over twenty million records and compiling aggregate statistics from selected records. 14 . The system of claim 10 , further including: calculating a new field from data in two or more fields in the primary database sources; and calculating field level security in the new field based on a combination of field level security settings in the two or more fields. 15 . The system of claim 10 , further including: joining data from two or more objects in the primary database sources; and calculating field level security in one or more of the fields in the joined data based on a combination of field level security settings in the two or more objects. 16 . The system of claim 10 , further including: flagging user-selected reference fields in the database sources as a basis for the pinning; and causing display of a user interface that lists the flagged reference fields and enables user pinning of the extracted fields to the reference fields. 17 . The system of claim 10 , further including a specification for extracting the fields of data that includes an advanced search comprising a user-entered string recognized as a field to which the user does not have field level access and treating the recognized string as not recognized. 18 . The system of claim 10 , further including caching current values of the field level security for the fields in the analytical read-only database for a limited time of one of 5-10 minutes, before querying for an update to the current values. 19 . One or more tangible computer readable media impressed with instructions that, when executed on a computer device and one or more servers, carry out a method, including: extracting fields of data from secured, primary database sources on a batch basis and compiling the fields into analytical, read-only databases; and assigning field level security to the extracted fields by combining user selectable inheritance of field level security from source fields that yield the extracted fields, with pinning of inheritance of field level security for the extracted fields to reference fields in the database sources, wherein the reference fields are distinct from the extracted fields. 20 . The one or more tangible computer readable media of claim 19 , further including: receiving additional fields as unsecured data sets; and assigning field level security to the additional fields received by combining user selectable explicit specification of field level security for the received fields, with pinning of inheritance of field level security for the received fields to reference fields in the database sources wherein the reference fields are distinct from the extracted fields. 21 . The one or more tangible computer readable media of claim 19 , wherein the user selectable assigning of field level security further includes: assigning field level security by overriding inheritance of field level security from the extr