The role based security seems understandable, but I cant seem to get it to
operate properly.

I have a test model, with a client dimension. I created a role with a test
user restricted using a custom rule that only gives access to a select group
(one) member for the dimension.

I have tried both shared dimensions and cube dimensions without success, and
with different results.

With a normal dimension (added in the cube editor) if i "Test Role" within
the Cube Role Manager the measures show up as #ERR both for "All Client" and
"named client" rows.

However, when I created a Partition with only data for the "named client" my
application connection can drill down past the "All Client" data and view
the "named client" slice.

With a shared dimension implementation the data is empty, blank. I want to
ignore this issue for now.

Any suggestions what might be going on here? It appears that there is some
file/group active directory security happening here that I dont expect.

Any web URL's about security might help. The KB 828343 Dynamic Security
presentation might work for me also, but I want to understand what is going
on here.

Thanks in advance!

Bill

What is the expression for the allowedset or deniedset?

--
_______________
Disclaimer : This posting is provided "AS IS" with no warranties, and
confers no rights.

"Bill Hays" <bhays (AT) comtime (DOT) com> wrote

Richard,

I simply used the MDX that the Analysis Manager created...

Allowed Members - blank

Denied Members -

{[Client].[Client Name].&[bmr],[Client].[Client
Name].&[jack],[Client].[Client Name].&[UberClient]}

The client "[Bill] is missing from this list, which is correct.

Thanks


"Richard Tkachuk [MSFT]" <richtk (AT) microsoft (DOT) com> wrote

It's hard to say without being able to take a look at your cube. But some
ideas.

First- make sure you're defining security on the cube dimension. Defining
security on the database dimension has no affect after the dimension is in a
cube. (There is a one-time static inheritance at the time the dimension is
included in the cube.

Second, make sure there are no errors without dimension security being
applied. What you've done is quite simple and shouldn't be a problem.

Sorry to be so vague - but it's hard to tell what's going on.

Hope this helps,
Richard

--
_______________
Disclaimer : This posting is provided "AS IS" with no warranties, and
confers no rights.

"Bill Hays" <bhays (AT) comtime (DOT) com> wrote

Hi Bill,

I wonder if [bmr] is a member or a cell?
[Client].[Client Name].&[bmr]


Sincerely yours,

Michael Cheng
Microsoft Online Partner Support

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
================================================== ===

This posting is provided "AS IS" with no warranties, and confers no rights.