Database Reference
In-Depth Information
•
Both Cell security and Dimension security can be static or dynamic. Dynamic
security relies on the
UserName
function, which returns the name of the
user who is connected to the cube; it can be used to write dynamic MDX
expressions that return different sets for different users. This then means
that one role can be used to handle security for many different users with
different permissions.
•
Dynamic security can be implemented in two ways: where the information
on what data a user has access is to store in the cube itself, or where this
information is retrieved using an Analysis Services stored procedure. The
former, cube-based approach is recommended as it is likely to perform better.
•
Implementing Dynamic security on a parent/child hierarchy requires
some very complex MDX set expressions, and so this is another reason for
avoiding both parent/child hierarchies and dynamic security.
•
Keeping your security model as simple as possible will result in
faster development and better query performance. Where possible use
dimension security instead of Cell security, and static security instead of
Dynamic security.
•
Last of all, security is such a complex issue it must be planned for right at the
beginning of a project and not treated as an afterthought!
Search WWH ::
Custom Search