Hi all,
this is my current situation:
I have dynamic security and have let say cubes:
Cube1 and Cube2
and shared dimensions:
Dim1, Dim2, and Dim3.

Since I have a lot of users, all my users are in the SAME group, and I'm
using dynamic security to handle their persmissions.
Now, the problem arises when I want for some of these users to see all
cubes, and some of them only, let's say, Cube2.
And the same thing with dimensions, I'd like to restricts some users to even
seeing Dim2.

Now I won't get into explaining why I don't make 2 groups (instead of one)
and set permissions for each group.
Let's assume that is a problem to me.

I'm wondering is there a way to achieve the sam result via dynamic security,
something like setting allowed members to "{}" for the Dim2
for the second user group. (But that only brings up an error, I would like
make Dim/Cube invisible!)

I'm pretty certain it cannot be done via dynamic security, but have decided
to ask anyhow?

Thanks,

Igor

Have you considered creaging a security cube? The purpose of this is to act
as a means of controlling access to the 'base' cube data.

The security cube contains a single measure (=0/1) which is set according to
the required access by dimension (users being one of the dimensions).

By creating a virtual cube, and a calculated measure (=base measure *
security measure) you have complete control over who sees what.

All you have to do is maintain the security cube.

HTH

"Igor Mekterovic" wrote:

If you were going to allow for input then what would you suggest as then the
(measure *
security measure) does not work. Also, you may want to display lines with
0. Have I missed something here?

Also, you may want to consider "users" within "groups" and the group policy
applied to the dimensions. Thus probably have one cube for the users
allocated to groups with a 1/0 approach and then the users associated to the
dimensions.


"luminary" <luminary (AT) discussions (DOT) microsoft.com> wrote