August 5, 2011 at 5:25 am
I wondered if anyone had done this. I'm trying it and getting some confusing results.
I have a user in 2 roles
One restricts which countries they can see
The other restricts which product groups they can see
I would expect them to therfore only be able to see one product group in one country. BUt they seem to be able to see everything.
When I restrict them down to just one role I can get them down to just one country but all products, or I can get just one product all countries.
Do I need to create a role for every country/product combination that I want to restrict?
September 7, 2011 at 3:34 pm
I need to implement the same thing and have been searching the web for some time now. Did you ever get an answer or find the solution?
Thanks
September 8, 2011 at 4:27 am
As Security is additive in SSAS the trick is to use inverse logic. In my case it was two dimensions that needed different security, Products and Countries. You should always use the "Deselect all members" option.
So I created a series of role for products, which allowed access to just the relevant product subset but also denied access to all countries.
Then I created another set of roles which allowed access to each country but denied access to all products.
Then when I want someone to have access to one product in one country I assign then to both the country role and the product role that is applicable.
Multiple countries, just add more country roles, multiple products, just add product roles. I ended up with 25 Geography roles and 15 Product Roles. Whihc isWhichge number of possible combinations but We added Domain level groups to these so users just needed to be added to the groups for a product. We used existing domain groups which were office/location based in the geogrphygeography
Assign a user to a product group and their location/office would take care of what they could see.
Viewing 3 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply