Implementing dynamic security
Implementing security through roles that contain hardcoded row filters is a very convenient way to manage data access to the model. It's also relatively easy to understand.
However, some downsides of that method are that the roles require creation and maintenance. Imagine a situation where hundreds or thousands of detailed roles have to be created; this would require a lot of work! Further, while the use of Active Directory groups is convenient from a model's administration perspective, it removes a large amount of control from the BI environment (and the BI department). Often, this is not desirable (especially in smaller departments and agile environments) as the BI team is solely responsible for administering security.
One way of allowing the BI team to administer security is to create the security model as an artifact of the model and have security applied by reference to that artifact. This is commonly referred to as dynamic security because the model implements...
