I have the following data model in a SSAS Cube:
I have set the following mdx formulas for the dynamic security role on the corresponding cube dimension data:
NonEmpty (
[Organisation No].[Organisation No].[Organisation No].Members,
(StrToMember ("[User].[AD_User].&[" + UserName () + "]"),
[Measures].[ORGANISATION SECURITY BRIDGE Count])
)
NonEmpty (
[Order No].[Order No].[Order No].Members,
(StrToMember ("[User].[AD_User].&[" + UserName () + "]"),
[Measures].[PRODUCT SECURITY BRIDGE Count])
)
NonEmpty (
[Project No].[Project No].[Project No].Members,
(StrToMember ("[User].[AD_User].&[" + UserName () + "]"),
[Measures].[PROJECT SECURITY BRIDGE Count])
)
Here, as shown, I would like to integrate view restrictions for the individual dimensions so that users only see the elements of the attributes to which they are entitled and, beyond that, only associated sales figures. However, if a user is assigned to organization A, for example, and works in project XYZ at the same time, these permissions exclude each other to the extent that the result set in the subsequent query remains empty. I therefore think that I have an error in the concept somewhere and hope that someone here can help me or someone has a best practice advice.
question from:
https://stackoverflow.com/questions/65916817/ssas-multidimensional-dimension-data-security-on-multiple-dimensions-without-th 与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…