.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
Gaurav Pal
Post New Web Links

Best way to implement security for measures in SSAS

Posted By:      Posted Date: September 22, 2010    Points: 0   Category :Sql Server

Hi SSAS gurus,


I have a requirement where I need to implement security on some measures such that it is visible to a set of users and not accessible to another set of users. Now, I also have SSRS reports defined on top of these measures which are accessible by both the set of users. I want the reports to be displayed such that the measures should be visible to the users with access but invisible or N/A should be displayed when the other set of users access the reports. What would be the best way to go forward for this?

Cheers, Jason 

View Complete Post

More Related Resource Links

Getting filtered data from Role based SSAS security

Hi everyone,I've got a heap of reports that are based on various SSAS cubes. I have roles defined on these cubes that restrict data via certain dimensions. Question is, will these restrictions filter through to the report...ie, if I have a sales person restricted in the SSAS cube to only see sales against their territory (restricted in the Territory dimension), when they run the report will it filter the result based on their SSAS credentials and only show the data they have access to (even though the SSRS report has no direct filters or parameters applied)?Cheers for any help!!

SSAS 2008 - I cannot seem to have semi-additive and normal additive measures in the same measure gro

I have a measure group with both conventionally aggregated measures (aggregation type SUM) and semi additive measures (LastNonEmpty). The cube processes them quite happily, and I can view and analyse (slice) them fine, but when I analyse them both together, then the conventionally aggregated measures (aggregation type SUM) always dissapears in favour of the semi additive measures. This is not the case if I analyse conventionally aggregated measures (aggregation type SUM) and semi additive measures (LastNonEmpty) from different measure groups.Why does this happen, and is there a way to overcome this by pref not creating seperate fact sources for the conventionally aggregated measures (aggregation type SUM) and semi additive measures (LastNonEmpty) currently in the same fact source.

How to implement Security RTP in RTC Client


Hello! I am developing a VoIP softphone in C# using RTC Client API. I need to add Security RTP but I don't know how because I don't know if RTC Client supports SRTP.


Has anyone any idea or another way to get it??? Thank you.

SSAS security safe method assembly



        Any one pls tel me im using Permission as unrestricted in SSAS assembly. The following query is executing but when i use Permission as Safe in SSAS assembly it is not working.

Please tell me about Safe Permission in SSAS assembly.

How to use Safe permission in SSAS assembly.



SSAS 2008 - Security Architecture Design?


Hi, I would like to know BEST way to design SSAS 2008 security architecture for my organization.

I have different data sources in SQL Server 2008 and those ETL store data into datawarehouse (dimension, fact) and then I create cube on that dw. What I want to do is BEST way to desgin SECURITY architecture to browse cube as per ORGANIZATION CHART.

Like we have different companies >>> divided into Division >>> SubDivisions >>> Business Stream >>> Region (i.e. west, east) >>> .....

For example if person has WEST REGION access than he can only see WEST region not the other region but he need access to correct COMPANY >> DIVISON >> SUBDIVISION >> BUSINESS STREAM >> REGION - WEST only.

Please someone can provide BEST possible solution/ideas to design this sort of SECURITY architecture. Thank You.

how to implement field-level security

I need to set up a list in which "A" users can only view and edit a subset of the fields in a custom list, while "B" users can veiw and edit all fields.  It would also be nice if, when an "A" user creates a new list item, one of the fields that is only accessible to "B" users could be set to a pre-determined value.

I'm open to different approaches here (different views of the same list, different lists with some automated way to copy items from the one list to the other, a single view of a single list with some mechanism to enforce the restrictions outlined above, or perhaps some other approach I haven't thought of).  My biggest concern is that the solution be as straightforward and simple to implement as possible.  I'm an experienced VB/C#/SQL developer, but my exposure to SharePoint has been limited to setting up and customizing very simple sites via a web browser.  I have absolutely no experience using SharePoint Designer, or any other SharePoint development tool, and am not sure I will have the time to learn it to complete this project.

Thanks in advance for your suggestions.

SSAS 2005 Standard Edition dimensional data security

I am trying to setup a security role that will be based on specific values in a dimension.  We are currently using 2005 SSAS Standard edition.  Does standard edition allow this or will we need Enterprise edition?  This is not working when we test this out.

With Excel pivot table client using SSAS cube, how to change the measures to rows?

I want the measures as rows instead of columns in Excel pivot table on a SSAS 2008 cube. How do I do that? Thanks.

Connection issue SSAS 2008 (role security)


Hello Experts,

After implement role security based on dimension security we get connection issues at the initial log on to our ssas cube.

Our environment is:
Windows Server 2008 SP2, x64
MS SQL Server 2008 Enterprise SP1
VM-Ware Maschine
Processor: AMD Opteron 8381 HE (QuadCode 2,5GHz)
Memory: 8 GB
Relation database: about 18 GB
Multidimensional database: about 8 GB / 39 Dimension / 68 measure groups (some were needed to implement m:n relations)

Security model: 4 fact tables get 4 additional column e.g. Security1 with values “yes” and “no”. A Role1 e.g. is able to see Security1 only “yes” facts. A Role2 e.g. is able to see Security2 only “yes”

SSAS 2008 R2 security issue


I have a development server running Windows Server 2008 R2 with a Analysis Services 2008 R2 service running on it. But before going forward with releasing to production, I have one final issue and it's security.

I have two Analysis db roles created: one which has full access (Role1) and another to read the (only) cube and read dimensions and so forth (Role2). When a user is in Role1, the user can see the Analysis database and cubes, etc, but if I remove the user from Role1 and leaving them only in Role2 without full control, the user can no longer even see the Analysis database.

The user can connect to the SSAS instance whether member of either roles which makes me think there are no networking issues. Running a trace I see the user correctly being identified and when the user is in Role1, everything is fine so I don't think it's a possible authentication issue. It's worth mentioning that I have Kerberos configured and working properly as I can tell. But for trying to fix this problem, I'm logged into the server and running SSMS.

QQ, Halp?

Derived Measures in ssas cube



I need to create a derived measure in my fact table in the ssas cube.

I am using Sql server 2008 R2 for creating cube.

Please suggest me ways to create that.

I tried using member expression property but it is throwing me error:

"The member expression is not in right format...... it should be in the format [measure1] / [measure2]"


The derived measure is summation of two fact fields.


Please suggest!

Dimension Security on some level and access to higher levels for Calculated/Scoped Measures



I'm trying to solve the following task:

I have a simple regular dimension e.g. calendar, there are some attributes: datekey (20100117, ...), month (201001, ...), year (2010).

There is a single user definded hierarchy called calendar:
datekey --> month --> year, the attribute relationships are configured accordingly.

There is one role that has only access to month 201001 (dimension data security - allowed memberset) - please be aware that I want to use "Visual Totals" or something simialr.

Now I have to calculate a measure: ([calendar].[calendar].[201001], [Measures].[sales]) / ([calendar].[calendar].[2010], [Measures].[sales])

How do I have to configure the security or calculate the measure that the sum of all months is used and by selecting the year only the Visual Total is shown?

Any hint is appreciated ;-)


About SSAS security on Windows server 2008


Hi Experts:

I set up a role on SSAS cube, and only users in this role can see/process the cube.

And I tried to test it by removing my NT account from not only membership of role on this cube but also administrator group of Win Server 2008R2. The problem is, when I use Excel 2007 to connect the cube on my local PC, I can still see/process this cube...

My NT account is not longer in role's memebership list or Server's administrator group, but why I can still access it...

Any thoughts?  Your help would be greatly appreciated, thanks!

How to implement business role security


Dear Friends,

In asp.net web application we have following business role.

1. Maker (creation/Updation records)

2. Checker (approval of commiting created/updated records into the system)

3. IT (User Adminstration and other master management tasks)

To keep it simple i just mentioned three roles in our application we have more than 20 roles and multiple roles could be assign to single users just like SQL server has various roles and multiple roles could be assigned to single user. 

I want to enforce following security on my pages

  • CustomerUpdate.aspx should only be accessible to Maker role users
  • CustomerVerificationTasks, CustomerReview.aspx should only be accesible to Checker role users
  • UserAdmin.aspx, UserUpdate.aspx etc admin pages should only be accessible to IT users

I am wondering how to implement this role based security? As per my thinking Following could be the way

 Assign page to role like (CustomerUpdate.aspx belongs to maker) and at page load call a function CheckAccessiblity(pageName) would validate from the following database table PageAccessiblityRoles (ID would be numeric i have just given text for easy illustration)

PageID                     RoleID



SharePoint Tutorial - Security

Security in SharePoint is comprised of users, groups and roles.

Users, Groups and Roles

A user account comes from the authentication system. For example, if Active Directory is used to authenticate then the user accounts will come from it.

There are two types of groups SharePoint uses: domain groups and SharePoint groups.

Asp.net web site security database


Hello all, I'm new to asp.net and I'm currently practising some few stuffs. I'm creating a hotel reservation system using ASP.net Web site in visual studio 2008 and I currently don't have an App_Data in my solution explorer unlike visual web developer.

1. I have planned to make users of the website login before making their reservations.

2. I have also planned to develop the website such that I will be able to know all reservations made by each user.

First and formost, I will like to know how I can access/View the security database?

Secondly, how do I link my custom made reservation database and the security database in order to achieve my second plan above.?

Someone help me.

Thank you.



hello i have the following problem

i have upload my content to hosting server but i get the following error

Security Exception

Description: The application attempted to perform an operation not allowed by the security policy.  To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.

Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Web.AspNetHostingPermission, System, Version=, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[SecurityException: Request for the permission of typ
ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend