Reading the documentation on "Cube Role Manager" it says,

"To deny users in a cube role access to the cube, clear the check box
beside the cube role. This action deletes the cube role and adds to
the list the database role with the same name as the cube role."

This led me to believe that unchecking the role name would remove the
role from the Roles collection of the cube. It doesn't. Instead it
sets the undocumented EnableRole key in the Permissions property of
the Role Interface to False.

I ran across this because I have to manage my own cube security for
web access. IIS doesn't pass-through the real user's authentication
credentials to Analysis Server unless you've installed Active
Directory with Kerberos.

(Just thought we should have this in the archives in case someone else
stumbles on it in the future.)