I'm migrating a dynamic security implementation from 2000 to 2005 and
I'm at a loss on how to proceed. It seems that in 2005, an allowed set
can only be specified on an attribute basis. (Is my understanding
correct here?)

However, I have users permissioned at many different levels of the
hierarchy, so I need to define allowed sets on each of the attributes
that make up levels of the hierarchy. And these end up interfering with
each other.

For example, if user A is permissioned to see all of North America (on
level 1), and user B is permissioned only to see zip code 10025 (on
level 5), my dynamically generated allowed set for level 5 returns the
empty set for user A.

This is due to the fact that user A is permissioned for *all* of North
America, so does not have any explicit permissions for level 5. I want
the product to recognize from my user-defined hierarchy, that level 1 is
higher than level 5 and conclude that user A can see all zip codes.

How is this best achieved in SSAS 2005?


*** Sent via Developersdex http://www.developersdex.com ***