I have created a global security group and made a new user a memeber of that
group. Then I've used (in Analysis Manager) the cube roles manager to assign
dimension level security to a cube.

It 'tests' fine using the 'Test Role' button BUT when the specific user who
is a memeber of the security group logs on and creates a pivot table in XL
they can see all the data in the cube.

Any ideads what I'm doing wrong?? Tearing my hair out...

many thanks

Stephen

Several possibilities come to mind.
1) If they are a member of the OLAP Administrators local group then they can
see all members regardless of what roles they are in.
2) Individually each role may check out, but combined they mean that the
user can see all members. The way roles are combined in AS is that the
allowed list is formed for each role; then its denied list removes
members -- then the resulting final sets are UNION'ed together. Thus if you
are in two roles and denied access to a member in one role; but allowed
access in the other; then you have access -- this is different from many
other systems and can sometimes surprise users when they first start using
AS security.
--
Dave Wickert [MSFT]
dwickert (AT) online (DOT) microsoft.com
Program Manager
BI SystemsTeam
SQL BI Product Unit (Analysis Services)
--
This posting is provided "AS IS" with no warranties, and confers no rights.


"Stephen Lonsdale" <StephenLonsdale (AT) discussions (DOT) microsoft.com> wrote in
message news:74EBC49D-D387-4251-9549-707D8467EB90 (AT) microsoft (DOT) com...