Traditional web-based reporting with SAS BI tools

Identity dynamic Member Level Security

Reply
SAS Employee
Posts: 105

Identity dynamic Member Level Security

Hi, Im trying to make per-person distinctions for the rows in a the members in a dimension.

I am using the USERID identity-driven property.

it works fine when i open the OLAP CUBE in the SAS EG 4.2, but when i am trying to open it with WRS 4.2 im geting the following error:

An error occurred in processing the report element. Please refresh the page to try again. Contact your administrator if this problem persists.

[a13136480061980.9474379268020503_0_0] שגיאה בעיבוד הדוחUnable to access the OLAP server for cube HAIM_OPERATING.

What could be the reason for that behavior?

Regular Contributor
Posts: 207

Identity dynamic Member Level Security

Hi yonib,

I am not even sure if this is a problem with member level security. Can you open cube data in WRS 4.2 which is not using member level securty or even completely different cube data?

SAS Employee
Posts: 105

Identity dynamic Member Level Security

Hi  Metalary,

Thanks for your help. Yes, I can open cube data(the same cube and different cube data)  in WRS 4.2 which is not using member level securty.

Contributor RSB
Contributor
Posts: 72

Re: Identity dynamic Member Level Security

Hi Yonib,

It would be helpful for anyone to answer if you could provide some more information or sample on how the member level security has been applied on the cube. Applying security based on the user id can be tricky and I guess it requires that the member in the dimension has to match the user id.

If you are using the OLAP Cube Studio 4.3, you may use the new batch security tool.

SAS Employee
Posts: 105

Identity dynamic Member Level Security

Hi RSB,

Im using SAS BI VERSION 4.2....

First I set up member level security on a dimention ,in the managment console:

  • Select the Authorization Manager [arrow] By Type [arrow] Dimension and drill-down to a dimension.
  • Right-click the dimension and select Properties.
  • In the dimension's Properties dialog box, select the Authorization tab. I Selected the SASUSERS group to be restricted. In the Effective Permissions i added  an explicit grant of the Read permission for that or group.
  • I opened the Add Authorization dialog box and put the following mdx:{ Descendants([Dim_TEAM].[Dim_TEAM_1].[All Dim_TEAM_1].[SUB:Smiley FrustratedAS.Userid])}

When I open the cube  in the EG its works good without errors-i get the information that relevant  to the user (in this case it is me) who can only see the subset of data he had been granted access to.

But when I opened the cube in the WRS I get the ERROR message: Unable to access the OLAP server for cube.

We can't figure this out, Why in the EG its works fine and in the WRS its not working ?

SAS Employee
Posts: 238

Identity dynamic Member Level Security

There is a documented issue with SAS Management Console that was fixed in release 9.2M3.

If you are unable to get the new SAS Management Console version, you can manually fix the MDX code to include the higher levels in the dimension.

Included is the SAS Note:  http://support.sas.com/kb/36437

Also - to further troubleshoot MDX from Web Report Studio you can turn trace logging on. Included are instructions on how to do this: http://support.sas.com/kb/36728

Angela Hall

http://blogs.sas.com/content/bi

Post a Question
Discussion Stats
  • 5 replies
  • 430 views
  • 0 likes
  • 4 in conversation