.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
Gaurav Pal
Post New Web Links

Cross Dimension Role Security

Posted By:      Posted Date: September 22, 2010    Points: 0   Category :Sql Server
Hello guys,





The Problem:

As you can see the DimSeller is related to the DimCustomer by a non key attribute called "CNPJ", my question is how can i define role security based on that dimension attribute.

For example:

Im a customer with the cnpj 1234, and when i want to see the seller cnpj i can only see the "rows" that the Customer.CNPJ in the DimSeller is equal to my cnpj. 

My future needs i will associate the cnpj with a claims autentication user so than i can use that on sharepoint. At this page I found something like i need, but there i should repeat the steps for each attribute of the dimension, and that would be very hard.

Anyone have some suggestion wich is the best approach for doing this?

View Complete Post

More Related Resource Links

Authorize It: Use Role-Based Security in Your Middle Tier .NET Apps with Authorization Manager


Authorization Manager in Windows Server 2003 represents a significant improvement in the administration of role-based security, making it more scalable, flexible, and easier to implement. Using Authorization Manager, you can define roles and the tasks those roles can perform. You can nest roles to inherit characteristics from other roles, and you can define application groups. In addition, Authorization Manager lets you use scripts to modify permissions dynamically, and it allows you to wrap your security logic in a security policy that can be stored in Active Directory. Authorization Manager also includes an easy-to-use API for running access checks. The author discusses all of these topics and demonstrates them with a working sample.

Keith Brown

MSDN Magazine November 2003

Security: Unify the Role-Based Security Models for Enterprise and Application Domains with .NET


Role-based security allows administrators to assign access permissions to users based on the roles they play rather than on their individual identities. These privileges can be used to control access to objects and methods, and are easier to identify and maintain than user-based security. The .NET Framework provides two role-based security models, which are exposed as two namespaces: System.Enterprise-Services and System.Security.Permissions. Presented here is a comparison of the two options and a discussion of when each is the right choice. The author also demonstrates the process involved in setting up access security and discusses role memberships.

Juval Lowy

MSDN Magazine May 2002

Getting filtered data from Role based SSAS security

Hi everyone,I've got a heap of reports that are based on various SSAS cubes. I have roles defined on these cubes that restrict data via certain dimensions. Question is, will these restrictions filter through to the report...ie, if I have a sales person restricted in the SSAS cube to only see sales against their territory (restricted in the Territory dimension), when they run the report will it filter the result based on their SSAS credentials and only show the data they have access to (even though the SSRS report has no direct filters or parameters applied)?Cheers for any help!!

Security problem with cross database chaining and stored procedures

I have a situation whereby ProcA exists on database A, but ProcA executes about 20 stored procedures scattered across different databases. To further complicate matters some procs that ProcA calls also call other procs in other databases, this then presents the problem of cross database chaining where you can’t really write to a database from a proc that resides in another database. I am wondering how I can get around this problem, I know I can simply let open cross database chaining and the problem will go away, the other option is to create a proxy which is very complicated and wouldn’t work in my environment. Is there any way around the problem.

filtering a role playing dimension

I have a role playing dimension and need to run a query that will select the intersection of members that are common on a single attribute...    So Dim1 and Dim2, they both have the attribute [Name] (though the fact table has two different foreing keys mapping to the single primary key on the dimension table) I need to select the members where both foreign keys on the fact table map to the same member in the dimension table so for example,  Dim1.Name = 'John Smith' and Dim2.Name = 'John Smith' Any ideas? Javier Guillen

Different attribute name in each dimension for a role playing dimension

Is it possible to name the attribute differently in a role playing dimension. For example I use the Date dimension as the role playing dimension for Ship Date and Order Date. When I use these attributes on the report, both of them show as 'Date' which is the name of the attribute in the Date dimension. Is there any work around to implement these names differently?

Sharepoint 2010 with role-based asp.net security


I have a Sharepoint 2010 (forms authentication) site on windows server 2008 with asp.net role-based security. At the highest level i have document libraries with folders within each as shown below.

> Doc Lib 1

>> Sub folder 1

>> Sub folder 2

> Doc Lib 2

>> Sub folder 1

>> Sub folder 2

Sub folder 1 and sub folder 2 are the same within each document library.

I want to be able to use asp.net roles to restrict users access to the document library. For example, user 1 should only be able to access sub folder 1 within doc lib 1. I'm not sure how i should go about configuring the roles.

I have created role1 for access to doclib1 and role2 for doclib2. In addition i also have roleA for access to subfolder1 and roleB for access to subfolder2. I have assigned the roles the libraries and folders. To user 1, i have assigned : role1 and role A. I expect that user1 should only see doclib1 and within it subfolder1. But that isn't the case.

How do i achieve my desired results?

Menu - Role security not working on second level of sitemap


I have role assignments on both the first and second level of my menus within my sitemap file.  The first level works fine, and I only see items assigned to my role.

But roles assignments seem to have no effect on the second level.  It seems like if you have access to the first level, you have access to everything on the second level.

Is this correct?

From my sitemap (either a SalesRep or an Administrator can see everything underneath):

    <siteMapNode title="Administration" roles="SalesRep,Administrator" description="Admin" >

      <siteMapNode title="CompanyMaintenance" roles="SalesRep" url="~/Admin/CompanyManagement.aspx" />

      <siteMapNode title="Initialize Roles" roles="Administrator" url="~/Admin/Roles.aspx"/>


From my config:

    <roleManager enabled="true" defaultProvider="SqlRoleProvider">

Dimension browse using Role fails with Error retrieving children

Hi, this concerns SSAS 2008 R2. I've created a test user and I want to give this test user re-only access to a cube and all of its dimensions. So, I created a Role as follows: General: Checked the Read Definition for database permissions Membership: users and groups set to Domain\Testuser Data Sources: (cube data source name), Access None, Read definition (grayed and checked) Cubes: (cube name), Access Read, Local Cube/Drillthrough Drillthrough, Process (unchecked) Cell Data: all blank Dimensions: All database dimensions, Access Read, Read Definition (grayed and checked), Process (unchecked) Dimension Data: (default, all checked) Mining Structures: (default, all blank) The Testuser can browse the cube using Management Studio, no problem. This includes access to all dimension members and browing the member hierarchies (as part of the cube). However, Testuser cannot browse the dimensions. The primary error is a blank pane saying that "the dimension does not contain hierarchies". So, I investigated. While logged on as Testuser, I looked at the properties of the Role as displayed in Management Studio. No suprises until I got to Dimension Data. Then, for each dimension, instead of the list of members and checkboxes in the main display pane, I saw "Error retrieving children: The '$dimensionname' object was not found. Parameter name: index" (where dimension

retrive Cube Role Security information


how can I retrive cube role security information ( including members, dimension security, etc..) using AMO?

where can I find code examples?




Role playing dimension and member naming question.


I have a fact table with invoice information that has multiple date columns.

I had originaly only needed to join my time dimension to this fact table on it's create date, but I have now added a role-playing dimension to join to the invoice date.

When I had 1 date dimension all of it's members where called 'week','year', 'day', etc.
Now that I have the role-playing dimension I have two dimensions with member names like 'Date.week', 'Date.year', 'Date.day', 'Invoice Date.week', 'Invoice Date.year', 'Invoice Date.day'.

So many queries I had written to reference the original date dimension no longer work because of the extra 'Date.' prefix. Is there a way to hide this prefix for my original date dimension?

Thanks in advance.

how to add role based security using (ul - li) for menus ?


Hi, All

   How can I implement role based security that would show the admin tab if the user was logged in as a admin by using (ul-li) like the below code as a simple example. I do not want to use the menu control is this possible ?


<li><a href="#">Services</a></li>
<li><a href="#">About us</a></li>
<li><a href="#">Admin</a></li>

Many Thanks


Custom access denied page for role based security


I have implemented role based security in my asp.net 2.0 vb.net application using windows authentication and the windowstokenroleprovider and limiting access to certain pages using the location tag to specific active directory groups.

The issue is that when a user tries to access a page they are not authorized to view it brings up a login prompt and when it does not pass it takes them to the default page that tells them they are not authorized to view the page. I am wondering if there is a way to throw up a custom page that tells them they are not athorized to view the page that I can incorporate into the site itself with the header and so forth? It would be great if this page could come up in lieu of the sign in box popping up as well.


Connection issue SSAS 2008 (role security)


Hello Experts,

After implement role security based on dimension security we get connection issues at the initial log on to our ssas cube.

Our environment is:
Windows Server 2008 SP2, x64
MS SQL Server 2008 Enterprise SP1
VM-Ware Maschine
Processor: AMD Opteron 8381 HE (QuadCode 2,5GHz)
Memory: 8 GB
Relation database: about 18 GB
Multidimensional database: about 8 GB / 39 Dimension / 68 measure groups (some were needed to implement m:n relations)

Security model: 4 fact tables get 4 additional column e.g. Security1 with values “yes” and “no”. A Role1 e.g. is able to see Security1 only “yes” facts. A Role2 e.g. is able to see Security2 only “yes”

Dimension Security on some level and access to higher levels for Calculated/Scoped Measures



I'm trying to solve the following task:

I have a simple regular dimension e.g. calendar, there are some attributes: datekey (20100117, ...), month (201001, ...), year (2010).

There is a single user definded hierarchy called calendar:
datekey --> month --> year, the attribute relationships are configured accordingly.

There is one role that has only access to month 201001 (dimension data security - allowed memberset) - please be aware that I want to use "Visual Totals" or something simialr.

Now I have to calculate a measure: ([calendar].[calendar].[201001], [Measures].[sales]) / ([calendar].[calendar].[2010], [Measures].[sales])

How do I have to configure the security or calculate the measure that the sum of all months is used and by selecting the year only the Visual Total is shown?

Any hint is appreciated ;-)


Restrict SSAS dimension hierarchy to show based on role


I am having an issue that involves SSAS and Sharepoint.  I don't think I can fix the issue in Sharepoint, I think it has to be in my ssas cube.  THe issue is that in sharepoint I have a ssas filter webpart that displays the geography hierarchy based on the role that is defined in SSAS.  So if I have a user that only has permissions to Switzerland than they will see the geography hierarchy as (Region, Sub Region, Area, Country)

All Sales Region


         Eastern Europe



What I want to know is in SSAS can I restrict the hierarchy to only show country if the user belongs to a certain role.  So what I want to basically say is if the user belongs to SSAS_CH then the hierarchy should just show Switzerland, not All Sales Region > Europe, etc....

Can this be done?



How can we show certain no of dimension only for two different users having different role in a sing



well i might be having a security problem so i just want to know that can we show certain dimension to one user say  (i.e 10dimension for A user and 15 dimension for B user having different user role in a single cube.)

Please any one help me out soon and give some ideas...so that i can solve my issue ,can we solve this issue naa.. :( ..!!!


Anil Maharjan

ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend