Welcome to MSDN Blogs Sign in | Join | Help

From Azaz on Analysis Services

Read about SQL Analysis Services 2005 and onwards
Dynamic Security in SSAS Cube

For implementing dynamic security in your SSAS cube you need make little change in the Dimension model.

Steps:

1. Assuming you already have a dimension to store the employee credentials for whom you want to apply the security. If such dimension is not there then create one.In AdventureWorksDw we have such a table called DimEmployee

2. Decide what you want to secure, let’s say Customer dimension members

3. Create a fact table (factless) relating the Customer and Employee dimensions

clip_image002

4. Create / modify the cube to include the following

clip_image004

clip_image005

5. Add the test data (in employee table)

clip_image006

6. Test it

Connect to the cube through any client (Cube browser/SSMA/Excel) as a test user and you will see the dynamic security working.

If anybody need this sample write to me at azazr@microsoft.com

Posted: Friday, August 15, 2008 6:09 AM by Azaz Rasool

Comments

Dynamic Security in SSAS Cube | Easycoded said:

PingBack from http://www.easycoded.com/dynamic-security-in-ssas-cube

# August 15, 2008 1:17 AM

spkn said:

Azaz Rasool:

Nice post on SSAS dynamic security. Trying to implement based on your post and got struck with following error. Appreciate you help.

MDX Query:

----------

EXISTS ( [Dim Account] . [Dim Account]. Members,

STRTOSET ( " [Dim Employee] . [LoginID] . [" + Username + "]"),

'Fact Secure Account'

)

-------------------------------

Getting errors:

Check MDX script syntax failed because of the following error:

----------------------------------

An error occurred in the MDX script for the dimension attribute permission's allowed member set: The dimension '[Dim Employee]' was not found in the cube when the string, [Dim Employee].[LoginID].[CORP\Name], was parsed.

-----------------------------------

Appreciate your help.

# November 7, 2008 12:28 PM

Jamin said:

I'm having some trouble with the Username function.  If I use:

EXISTS([Dim Account].[Dim Account].Members,STRTOSET("[Dim Employee].[LoginID].[domain/user]"),'Fact Secure Account')

it works fine, but if I use the Username function then it doesn't.  I thought maybe it was the format that Username function returned so I check it via:

WITH MEMBER Measures.x AS UserName

SELECT Measures.x ON COLUMNS

FROM [Item In]

The domain/user string from my dimension and the Username function are identical.  Do you have any suggestions?

Thanks,

Jamin

# September 15, 2009 5:42 PM

Sonal Agarwal said:

Hi Azaz,

I am encountering the following error after following your suggested approach:

Check MDX script syntax failed because of the following error:

----------------------------------

An error occurred in the MDX script for the dimension attribute permission's allowed member set: The dimension '[Dim Employee]' was not found in the cube when the string, [Dim Employee].[LoginID].[CORP\Name], was parsed.

Can you please help me with this?

# October 15, 2009 6:33 AM

Sonal Agarwal said:

Hello All,

I got the resolution for my problem.

I was trying to implement custom security on database dimension instead of cube dimension. So, when I tried the same thing on cube dimensions, it worked perfectly.

Thanks for this great article.

# October 15, 2009 10:05 PM
Leave a Comment

(required) 

(required) 

(optional)

(required) 

  
Enter Code Here: Required

Comment Notification

If you would like to receive an email when updates are made to this post, please register here

Subscribe to this post's comments using RSS

Page view tracker