Skip to main content
To homepage To homepage
Question

Security on dimension issue

  • February 18, 2025
  • 4 replies
  • 78 views
R
Contributor

Hello,

Strange behavior and tricky to explain but I will do my best.

I have a dimension (company) where I have set security on. So I created different roles (by company) and for example the role = Company1 will only see data related to Company1.

So I have several roles and some users are allocated to different roles, meaning they are allowed to see data form Company1 and Company2 and they can use that Company dimension to filter.

The strange behavior is that those user only see part of the data of Company2.

Example is production orders, when they look into the report with company filter they see ± 20 production orders. When I look at the report (and I have no limited security) I see 500 production orders.

So I am a bit confused and not sure how to solve it. When I add a user to the Role with no security they can also see everything. 

I would better understand if they would see nothing of Company2 but they do see limited data.

Any idea how to better investigate ?

Also it is hard to remove a user from a role as I am using groups for that and I can not remove a group as then a lot of people will not have access anymore.

Thanks and best regards,

Ronny

    4 replies

    Thomas Lind
    Community Manager
    Forum|alt.badge.img+5
    • Thomas Lind
    • Community Manager
    • 1017 replies
    • February 19, 2025

    Hi ​@rluyten 

    Are you using individual users in the row level security setup, or is it just the role members option?

    Do you have multiple row level security setups for the company field you added this to?

    R
    Contributor
    • rluyten
    • Author
    • Contributor
    • 11 replies
    • February 19, 2025

    Hello Thomas, I took some screenshot of how the security is setup.

    I hope this answers your question.

    Ronny

    1 Attachments
    anders.e.jonsson
    Contributor
    Forum|alt.badge.img+1

    Hi ​@rluyten 

    Depending on the type of endpoint you use, it may be a good idea to analyze it.
    For example, if it is an SSAS database, you can look at which members are included and what the filters look in the roles there. You can also script out the roles, or the entire database.
    That might be a way to back track the problem.

    BR
    Anders

    Anders
    Thomas Lind
    Community Manager
    Forum|alt.badge.img+5
    • Thomas Lind
    • Community Manager
    • 1017 replies
    • March 10, 2025

    Hi ​@rluyten 

    Sorry for the delay.

    I have looked at it.

    You can set rights in two locations.

    On the main dimension and on the dimension in a specific cube.

    By default you inherit from the main dimension, but you can set some specific ones on the cube that goes besides that.

    The content of your company dimension would follow the primary key. It will not contain a value if it did not have a unique rule. 
    If there are sub levels to a company, then obviously this makes it possible to make individual rules for specific users or groups.

    For example I have a customer dimension

    I could make individual rules on all the levels that doesn’t directly follow the Customer key field.

    If you need to make different rules, you can add the same dimension multiple times into the cube and make different rules for both. If the right is set on a high enough level they wont be able to see he other one.

     

    Reply


    Most helpful members this week

    Terms and ConditionsCookie settings

    Cookie policy

    We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

     
    Cookie settings