Implementing dynamic dimension security
In the previous section, you learned how to restrict a role's access to certain dimension hierarchy members. That approach works well for a dimension with few categories and a single role, and it will suffice as long as you can group users into a few roles by job function. However, when the number of roles grows into the hundreds, managing security becomes cumbersome. Clearly, creating a new role to expose a specific data set to each retail customer is unacceptable. Fortunately, you can work around this limitation using a security measure group.
Although it takes several steps to implement, the security measure group utilizes relatively straightforward concepts. You need to identify the attribute to secure, perhaps the sales territory that each cube user should be able to browse. Next, you create a measure group defining the mapping between the user and sales territory. The security role will then use the...
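The user-to-territory mapping described above can be sketched as a relational bridge table with audit queries a reviewer would run before a measure group is built on it; this is an added example, not code from the original text. All table and column names, the logins, the rows, and the choice of a row count as the measure are assumptions made for illustration.

```sql
-- Added example: hypothetical schema and constructed sample rows (T-SQL).
CREATE TABLE DimSalesTerritory (
    SalesTerritoryKey INT PRIMARY KEY,
    Region            VARCHAR(50) NOT NULL
);

CREATE TABLE DimCubeUser (
    UserKey INT PRIMARY KEY,
    Login   VARCHAR(100) NOT NULL UNIQUE   -- one row per Windows login
);

-- Factless fact table: one row per (user, territory) grant.
-- Assumption: the security measure group is built on this table and
-- a simple row count serves as its measure.
CREATE TABLE FactUserTerritory (
    UserKey           INT NOT NULL REFERENCES DimCubeUser (UserKey),
    SalesTerritoryKey INT NOT NULL REFERENCES DimSalesTerritory (SalesTerritoryKey),
    PRIMARY KEY (UserKey, SalesTerritoryKey)   -- rejects duplicate grants
);

INSERT INTO DimSalesTerritory VALUES (1, 'Northwest'), (2, 'Southwest'), (3, 'Canada');
INSERT INTO DimCubeUser VALUES (10, 'CORP\alice'), (11, 'CORP\bob'), (12, 'CORP\carol');
INSERT INTO FactUserTerritory VALUES (10, 1), (10, 2), (11, 3);

-- Audit 1: effective grants, one row per login and territory.
SELECT u.Login, t.Region
FROM FactUserTerritory AS f
JOIN DimCubeUser       AS u ON u.UserKey = f.UserKey
JOIN DimSalesTerritory AS t ON t.SalesTerritoryKey = f.SalesTerritoryKey
ORDER BY u.Login, t.Region;

-- Audit 2: logins with no grant rows (CORP\carol in the sample data).
-- Confirm in the cube that such users see no territories rather than all.
SELECT u.Login
FROM DimCubeUser AS u
LEFT JOIN FactUserTerritory AS f ON f.UserKey = u.UserKey
WHERE f.UserKey IS NULL;

-- Audit 3: logins granted every territory; each should be a deliberate choice.
SELECT u.Login
FROM DimCubeUser AS u
JOIN FactUserTerritory AS f ON f.UserKey = u.UserKey
GROUP BY u.Login
HAVING COUNT(*) = (SELECT COUNT(*) FROM DimSalesTerritory);
```

With this layout, granting or revoking a territory is a row change in `FactUserTerritory`, not a new role.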