is it possible to secure specific dimension? I'd like to deny selected roles using certain dim. For example, pricing role shouldn't use Customer dim, Basic role should use just Date and Location dim. Could perspectives be used for that (specify dims/measures and grant access just to that perspective) or is there other way? Obviously, I must be overlooking something, this is really basic requirement, isn't it...
TIA,
Radim
Hi! Have a look at roles in the solution explorer. Right click on roles and explore the features.
Perspectives are not a security feature. They are more about easier browsing/navigation.
Regards
Thomas Ivarsson
|||Hi! Thanks, but of course I have tried that :) If you go there, you'll be able to see just two options (at least I do) allowed for dimension security: Read and Read/Write (or to inherit settings). I know that (unfortunatelly) perspectives are more for convenient browsing then for anything else.Has someone really tried that with success?
Radim|||
On the following tab you have dimension data where you can give access to or deny members in dimensions.
Regards
Thomas Ivarsson
|||That's right. We've implemented dynamic member security system (clr callback function) already, but what I'm asking is how to deny the whole dimension for certain role. I don't want go down to members.Why this cannot be implemented, is there any internal limitation?
Radim|||
OK. I understand. Can this link be of any help: http://sqljunkies.com/WebLog/mosha/archive/2005/04/10/10599.aspx ?
Regards
Thomas Ivarsson
|||Thomas, I really appreciate your effort :) But yes, I've read all post from Mosha (it's a must for everyone who wants to get deeper into AS :) ). I know that I could solve it by granting access just to Allmember in some dim, but that's not good. My thinking is - why should I unveil dimensions structure if I don't want to? If Customer dim (for example) is not interesting for certain role, why I just can't hide it. Or should I create new cube for that... ridiculous. I'm really missing this functionality and it seems strange to me, that nobody else is asking same question...Thanks,
Radim|||
Sorry about consumed information. If you are interested in hiding a dimension by code I have not done that. I have implemented dynamic security with a fact table and a virtual cube in AS2000.
What I do not understand is why you cannot use the tab where you allow/deny access to dimensions and point that combinations to separate roles.
I have not tried this by code.
I do not know how big your cubes are but sometimes building a new cube can be the easiest solution, even if it not a good solution. We have done that depending on that we need to deny access to some measures and dependent calculations. Without separate cubes this will mean a large administrative burden. As long as they are in the same project they share dimensions and it is easy to copy scripts.
If you have large cubes I understand that this is impossible.
We have also the problem that ProClarity do not recommend dynamic security with their Analytics Platform.
Regards
Thomas Ivarsson
|||Thomas, in ideal world I'd like to have three choices on Dimensions tab: None, Read and Read/Write. I can see only Read and Read/Write. So that's useless. On Dimension Data tab I can deny all members from certain dim and that does the trick, but dimension is still visible (even though it cannot be used for analysis). Imagine that you have 20 dimensions in a cube (just as an example) and you deny all members for 18 of them. Now, in a browser (Proclarity or anyhing) you would still see all 20 dims, where 18 is completely useless. And that's what I'd like to overcome.Could you please publish that recommendation about Proclarity? Dynamic security is heart of our cubes and Proclarity is the default browser.
And our solution is still growing, dwh is over 100GB and major cube around 10GB. So don't fancy idea about bulding and processing multiple cubes..
Radim|||
Here is a link to a ProClarity Blog: http://blogs.proclarity.com/blogs/dgustafson/default.aspx, regarding dynamic security.
Edit: I will have to test a little more time but I think you are correct. The dimensions will show but you cannot use them. If you construct perspectives after applying security that can help filtering denied dimensions.
Regards
Thomas Ivarsson
sql
No comments:
Post a Comment