Database Reference
In-Depth Information
You can add any number of users to the
Security
measure group as long as the
same domain accounts are granted permission to the dynamic security role.
Tip
Keep in mind that the dynamic security implementation discussed in this section
relies on the measure group. In order to provide access to new users, you
must process the
Security
measure group after adding user logins to the
FactUserTerritory
table. Newly added users will not be able to read the
cube data until the
Security
measure group is processed.
The dynamic security solution that we just implemented uses the
StrToMember
function. This could result in some performance overhead when working with
large data sets. For an alternative syntax for implementing a dynamic security
role, please refer to the
A role security MDX tip
section in the blog post:
ht-
There's more...
Some applications use the .NET code to enforce dimension or cell-level security
within cubes. The primary reason for using .NET programs to secure cubes is that
the
Security
measure group grows too large and processing it is often not a feas-
ible option. However, most applications serve hundreds or thousands of users and
processing the
Security
measure group is much quicker than processing other
measure groups that are likely to have millions of rows. You can create partitions to
speed up the processing of the
Security
measure groups much like you do with
any other measure group. Refer to online forums and blogs for examples of imple-
menting dynamic security using .NET code.
Search WWH ::
Custom Search