So I'm working up a Cube for HR type folks. In it I have an employee dimension setup as Parent/Child.
HR has a role, where they get full read access to the cube, but I was thinking that the data might be handy for Management as well. What I'd like to do is create a role for the general business management group (AD) and then lock down what portion of the employee dimension they can see based on where they are within it.
Am I grasping at straws, or can I create a role for an AD group, and then use the AD Username of each person accessing the SSAS database to lock down one dimension, or would I need to create a role for each manager individually and lock it down that way?