I'm working on implementing measure level security and am looking for a simple way to implement it. I've created a role called "Project Managers", and have made a domain group a member of the role.
I've set up this role with access to the dimensions and measures they need. The one thing I need to deny access to are certain calculations in the cube.
How would one define security for calculations in the cube? I've seen some solutions that call for converting calculations into some other type of "structure", but there are dozens of calculations in this praticular cube - which I inherited by the way - so rewriting the cube isn't a real viable option in this case.
Is there come way to just write some type of MDX statement(s) to define security on the calculations in question?
When I created the attribute security, SSMS generated the allowed member set thusly:
{[Measures].[Hours], [Measures].[Default Bill Rate], [Measures].[Est Hours-Quantity], [Measures].[Total Invoice Amount], [Measures].[OOP Invoice Amount], [Measures].[LINE TOTAL]}
Would I just essentially do the same thing, only substitute the names of the calculations in the cube and then place the MDX in the Denied Member Set section of the role definition dialog??Thanks!!
A. M. Robinson