eo
MIS
- Apr 3, 2003
- 809
Hi,
I hope my confidence in SSAS 2005 does not let me down here
![[morning]](/data/assets/smilies/morning.gif "[morning] [morning]")
I have a fact table with a large dimension table (Policy dimension on the one side, and Broker dimensionon the other side), and a number of snowflake dimensions off the large Policy dimension table. I will try and visually represent this:
One of the attributes in the Policy dimension is Legal Entity, and one of the attributes in the Management Structure dimension is Division. I must restrict user access on two dimensions:
a) on the XYZ member of the Legal Enity hierarchy in the Policy dimension, and
b) on the MARINE member of the Division attribute in the Management Structure snowflake dimension
It is quite easy to implement this using cube roles and allowed or denied sets, and if the user views the facts by these dimensions they only have access to the XYZ Legal Entity member, and the MARINE Division member, BUT when these restricted attributes are not used when querying the cube, then the facts totals still includes the values which belongs to XYZ and MARINE. For example if the facts are sliced by Broker, and not by Legal Entity and Division, then all the facts are shown, even those belonging to XYZ and MARINE.
I hope I am explaning this clearly, but in short, can dimension data security settings apply to the WHOLE cube?? I really hope so, otherwise this security module within SSAS 2005 seems pretty pointless
![[nosmiley]](/data/assets/smilies/nosmiley.gif "[nosmiley] [nosmiley]")
EO
Hertfordshire, England
I hope my confidence in SSAS 2005 does not let me down here
I have a fact table with a large dimension table (Policy dimension on the one side, and Broker dimensionon the other side), and a number of snowflake dimensions off the large Policy dimension table. I will try and visually represent this:
Code:
> Channel
Broker < Fact > Policy dimension > Management Structure
> BrokerOne of the attributes in the Policy dimension is Legal Entity, and one of the attributes in the Management Structure dimension is Division. I must restrict user access on two dimensions:
a) on the XYZ member of the Legal Enity hierarchy in the Policy dimension, and
b) on the MARINE member of the Division attribute in the Management Structure snowflake dimension
It is quite easy to implement this using cube roles and allowed or denied sets, and if the user views the facts by these dimensions they only have access to the XYZ Legal Entity member, and the MARINE Division member, BUT when these restricted attributes are not used when querying the cube, then the facts totals still includes the values which belongs to XYZ and MARINE. For example if the facts are sliced by Broker, and not by Legal Entity and Division, then all the facts are shown, even those belonging to XYZ and MARINE.
I hope I am explaning this clearly, but in short, can dimension data security settings apply to the WHOLE cube?? I really hope so, otherwise this security module within SSAS 2005 seems pretty pointless
EO
Hertfordshire, England