Re: Help Needed with Dynamic Dimension Security
- From: "John Smith" <john9877798@xxxxxxxxxxx>
- Date: Sat, 8 Oct 2005 21:15:09 -0400
Unfortunately, Dave Wickert's solution only works in a VERY limited, narrow
business application for securing members.
Dimension level security where the user is limited to specific roll-ups is a
different beast.
It involves the concept of Visual Totals, and the AS Server must know which
rollups are to be secured, and the point in the hierarchy where the security
begins.
In order to do this, one must use the DSO, and a custom security tool.
The number of roles should be limited because each Role could have a
particular, even overlapping, subset of the hierarchy allocated for their
perusal.
The security model you are trying to implement should be clear.
For example:
A large number of domain accounts (Between 1 and 2000 accounts),
representing Account Managers.
10 different Overlapping Hierarchies (potentially common levels). There may
be many account managers that belong to the same division, and they may have
common customer accounts that should be visible to their team members and
across teams too.
The only solution is to allocate the specific hierarchy to roles.
Virtual Cubes do not work for this kind of granular security model.
John Smith
<graeme.ord@xxxxxxxxx> wrote in message
news:1128609278.319802.16550@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> Hello,
>
> I have been recently been trying to use the Dynamic AS Security method
> of using Dimension Security with a Virtual Cube.
>
> I have implemented the MDX statements and created the standard, secure
> and virtual cubes.
>
> The main cube we have has 10 dimension and I am attempting to secure
> the cube via the Organisation dimension.
>
> The security_fact table is actually a view created from our user table
> and the organisation members that they have been assigned to.
>
> However, I am not sure if the cube security is working. Using the
> dimension browser I have exposed the Secure measure and viewed it when
> selecting other dimension members. What seems to be happening is if
> the Dimension does not have an all level and the Org member I select is
> one I have rights to then I see the number 1 in the secure column. If
> the dimension DOES have an All Level then it only appears at the top
> level and does not propogate down.
>
> To (kind of) make this work, I have put the top level dimension members
> in my MDX statment to ensure that it is picking up my rights.
>
> Also, it appears that it is not letting me see any members BELOW the
> ones I have rights to - only at the current level.
>
> Can anyone provide any guidance in this matter. I would really like to
> get this working otherwise I will be having a very long and tiresome
> weekend typing in 150 + cube roles and assigning them to members of my
> Org dimension
>
.
- Prev by Date: Re: Financial Cube - sum accounts
- Next by Date: Re: Migrating AS db from beta 2 to beta 3
- Previous by thread: Re: Help Needed with Dynamic Dimension Security
- Next by thread: Re: APART FROM SQL S., ANY CUBE EDITOR (FREE 3RD PARTY) ??
- Index(es):
Relevant Pages
|
Loading
