Implementing cell-level security
Restricting access to specific dimension members is normally sufficient even for very granular security schemes. However, in rare cases, you might have a need to secure individual cells in addition to specifying allowed and denied dimension member sets. Although I discuss cell-level security here, be warned that securing at the cell level can cause severe performance issues, particularly, for large cube implementations.
You can grant read-only, read-write, and read-contingent permissions at cell level. Read-write permissions only apply if the cube write-back is enabled. Read-contingent permissions define SSAS behavior for cells that are defined from other cells that are known as calculated members. If you grant read-contingent permission on a calculated member, you must ensure that the same role also has access to the members included in the calculated member's definition.
In addition to imposing performance overhead, cell-level security also introduces an...
