All,
have researching this for a while and a bit surprised that it does not seem
to be an issuer for others

We are trying to migrate to AS2k 64-bit.
The dynamic security that used to work fine in 32-bit is failing now because
we can not handle missing members with iserror (64bit does not support VBA)

our security is based on a virtual cube built using a nonemptycrossjoin.

probelm is if any user trying to connect is not a member of the scurity
dimension this puts the cube in an instable state and nobody from that
particuliar role will be able to connect.

this was handled in the 32-bit version using iserror and returning an empty
set.... but now 64 bit does not support iserror !

any hints will be very much appreciated

I have seen exactly same question from one big company before - they
eventually ended up writing 64bit C++ UDF to check for error.
You could also file DCR with PSS to add IsError support on 64bit.

--
==============================*=================== =
Mosha Pasumansky - http://www.mosha.com/msolap
Analysis Services blog at http://www.sqljunkies.com/WebL*og/mosha
Development Lead in the Analysis Server team
All you need is love (John Lennon)
Disclaimer : This posting is provided "AS IS" with no warranties, and
confers no rights.
==============================*=================== =
"Nabil Majoul" <Nabil Majoul @discussions.microsoft.com> wrote

Hi Nabil,

I assume that at the moment, the membership of your dynamic role is set to
Everyone or a group that is a superset of all the people who have access to
the cube. Either you should restrict the role membership to only the people
who appear on your security dimension (a pain, I know); or possibly increase
the number of users on your security dimension to everyone in the group
you're using, and give these people access to no members on the dimension
you're securing (which I *think* should also work).

Alternatively, I think it should be possible to work around the problem in
MDX. Can you post up the MDX expression you're using?

Regards,

Chris

--
Blog at:
http://spaces.msn.com/members/cwebbbi/


"Nabil Majoul" wrote:

Chris,
you are right the membership is based on a group and we have seen
possibility that members of this group where not appearing on the security
dimension. I'm looking at the possibility of restricting the membership but
its a pain as this is all data driven from another application (does GMRB
rings a bell to you )
and what i find very disturbing and have trouble to understand is that the
cube gets in a state that even people hwo are members of the security
dimension can not get access anymore....

here is the MDX as you requested:
STRTOSET(
IIF(IsError( STRTOMEMBER("[Users].[User].[" + UserName + "]") ),
"{}",
SETTOSTR(
GENERATE(
Filter
(
NonEmptyCrossJoin(
{[Security Business Entity].[Affiliate].members},
{STRTOMEMBER("[Users].[User].[" + UserName + "]")}
),
[Measures].[Granted]>0
),
{STRTOMEMBER("[Business Entity].[Affiliate].&[" +[Security Business
Entity].currentmember.properties("key") + "]") }
)
)
)
)

Thank you for your help its very much appreciated...
Nabil


"Chris Webb" wrote:

Hi Nabil,

I know, it's a bit rubbish the way that roles become corrupted so easily.
However, I think there should be a nice easy solution to your problem - try
replacing
IIF(
COUNT(
FILTER([Users].[User].MEMBERS, USERS.CURRENTMEMBER.NAME = USERNAME)
)=0
, "{}", ...

Let me know if this works...

Regards,

Chris

--
Blog at:
http://spaces.msn.com/members/cwebbbi/


"Nabil Majoul" wrote:

Chris,
Thanks a lot !
this seems to work ! still needs some serious testing ..this cube corruption
makes me very nervous...
but this is the best I can get ....I owe you a beer next time you pass by
Lausanne !
Regards,
Nabil Majoul


"Chris Webb" wrote:

Arrrrgh (frustration)...
now my problem is that FILTER([Users].[User].MEMBERS,
USERS.CURRENTMEMBER.NAME = USERNAME) is case sensitive !!!


"Nabil Majoul" wrote: