0

I have an OLAP (multidimensional) cube where I have implemented dimensional security by adding an MDX expression to a cube dimension (using the UserName() function).

The security model works fine and the user gets restricted access to data in the cube.

I have also added some drillthrough actions. This works fine when the dimension that is used for the dimensional security is included in the pivot table. But when they are not included in the pivot table (for example if you have a pivot table consisting of a measure only) the drillthrough action returns data/rows that should be occluded by the security model (dimensional security).

Is this as expected? Are there any workarounds?

James Orr
  • 5,005
  • 7
  • 39
  • 63
jockefe
  • 11
  • 4
  • Does your security role have the Enable Visual Totals checkbox checked? If not try checking it to see if that solves the problem. – GregGalloway Jan 12 '17 at 13:22
  • Yes it has the security model does not wotk otherwise – jockefe Jan 12 '17 at 15:08
  • If you connect in SSMS Object Explorer to SSAS what's the exact version number you see on the server node? – GregGalloway Jan 12 '17 at 16:16
  • I have SQL 2014 (12.0.5000.0) – jockefe Jan 12 '17 at 16:43
  • Has the fact table of your measure a relation in the dimension designer to the dimension you have specified security in? You need a relationship or it won't work. – Chris Tian Jan 12 '17 at 18:29
  • @jockefe so the latest service pack. I didn't spot anything in a later cumulative update that looks like a fix for this. May be worth a support case – GregGalloway Jan 12 '17 at 20:30
  • @ChrisTian: yes the dimension I am using for dynamic/mdx security is directly related to the fact table – jockefe Jan 13 '17 at 06:53
  • I'm starting to think that this is by design after reading this comment: "There is no way to apply security to DRILLTHROUGH actions, so we cannot decide whether a specific user is authorized or not to perform a specific action. Since DRILLTHROUGH actions are initiated at the client side, we can decide whether a user can perform or not DRILLTHROUGH but, once we let him do it, he can query anything he wants." – jockefe Jan 13 '17 at 06:56
  • from this post: https://social.msdn.microsoft.com/Forums/sqlserver/en-US/4326c5f9-bff1-4303-9c41-5056e56e2b96/drillthrough-not-working-for-users-in-role-with-dimension-security-applied?forum=sqlanalysisservices – jockefe Jan 13 '17 at 07:00

0 Answers0