Databases Reference
In-Depth Information
Figure 19-6
Once you have created your UDM, the next step is to define security to re-
strict the data being seen from the users based on their location. The roles
object in Analysis Services allows you to restrict data access based on the lo-
gin of a user. The roles object contains a collection called membership which
you learned in
Chapter 12
. You can add a user or a group of users to this
membership collection. The security restrictions applied in this role will be ap-
plied to all the users in the membership collection. In this business problem
you need to limit access to the sales representatives so that they can only
see the sales information relevant to their state or their direct reports. You will
learn several solutions to restrict the dimension member access along with
their merits and de-merits.
Restricting a user to see only certain members of the dimension Location
automatically restricts the user from seeing the sales information for that loca-
tion. Location is a dimension and applying security or restrictions to users to
certain members of a dimension is therefore called dimension security. If a
user is part of more than one role, Analysis Services restricts the user to just
a union of the roles the user is member of. For example, if a user is a mem-
ber of Role1 where you have restricted the users to see location New York,
and the user is also a member of Role2 where you have restricted the users
of Role2 to location New Jersey, the user can see both these locations when
he connects to Analysis Services. If Role1 had security restrictions for a user
that does not allow you to see the dimension member New York and Role2
had security restrictions the same user in a way you are able to see the mem-
Search WWH ::
Custom Search