In AS2K dimension security I could deny access to a whole dimension using the 'Fully Restricted' setting on a role. In AS2005 I can't see how to do the same thing - the only thing I can do is to deny access to every member on every attribute but even then I still see the dimension name in the metadata. BOL suggests it is possible but its descriptions of the UI must have been written before RTM and don't bear much resemblence to the current situation; I've also had a go at setting some of the properties on the permissions object in the XMLA definition of my cube but they don't work either. Is this feature still available? If not, can we have it back?
Chris
Hi Chris.
My recent experience is we had to go "outside" the native role based functionality to achieve the functionality you defined. Our work is probably a demonstration of my ignorance on how to get the same funtionality we had in AS2K expressed in AS2005. When I say go "outside" I mean we used table based security which married the user with the branch of the organization hierarchy they are allowed to see - and ONLY that branch. The user does not see any other members from the organizational hierarchy. I think you're familiar with the solution. If not, let me know and I'll email you the whitepaper.
If Chris is correct - where we can't get the same functionality as we had in AS2K, then I second his suggestion to "have it back."
PGoldy
|||Hello Paul. Have you done this in the old way of dynamic security, by a security fact table or a stored procedure. If there is any new written on this subject I would like to know.
Regards
Thomas Ivarsson
|||Hi Thomas. The security technique was teh "old" way of dynamic security. Nothing new here, except that it works in AS2005. Nothing new written here.
Best Regards,
PGoldy
|||Hi,
Did you try to design a perspective for the role you want to restrict acces ?
Regards
|||Thanks for the feedback, everyone. It does indeed look like a forgotten feature - I'll post it in Connect. Alex - yes, my workaround involves using dimension security to restrict all the members on my dimension then use a perspective to hide the dimension itself.
Chris
|||Thanks Chris and everyone for rasing this issue.
Please go ahead and file the connect case for it.
Edward Melomed.
--
This posting is provided "AS IS" with no warranties, and confers no rights.
I was trying to point the same thing out here:
http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=785302&SiteID=1
Can I get somehow access to Connect web site (which afaik was closed for new-comming users), I have some other issues as well, which would be nice to handle in next update. I understand that this forum is not intended to collect any errors and that nobody will enter it into Connect programme.
Thanks,
Radim|||
Hi Radim,
I have no idea whether Connect is closed to new users - it seems a bit strange if it was. It is a bit of a nightmare to navigate through though.
Anyway, I've submitted this issue here:
https://connect.microsoft.com/SQLServer/feedback/ViewFeedback.aspx?FeedbackID=233410
Please vote on it!
Chris
|||Absolutly!
You've had my vote !
Best, Jocke
|||Hi PGoldy,
Can you email me the whitepaper on this? i have the same problem right now on security (how i can restrict the users with the amount of data they can see).
thanks,
cherriesh
|||Hi Cherriesh. Better than a document, here's an on-line link to the information your looking for. The author is Richard Tkachuk who is part of the Analysis Services team at MS - very reliable source. Good luck.
PaulG
http://www.sqlserveranalysisservices.com/OLAPPapers/UsingUserNametoControlDataAccessandDefaultMemberinSSAS.htm
No comments:
Post a Comment