In SAS 9.2, OLAP Member Level Security became that much easier to implement. From SAS Management Console, an administrator can navigate directly into the OLAP Cube Dimension, add a user, grant explicit 'Read' access and click a button to get a snazzy interface to add read or deny security.
The process to do this is explained in the SAS documentation: http://support.sas.com/documentation/cdl/en/olapug/59574/HTML/default/viewer.htm#a003212398.htm
By default, the Member Level Security setting only is applied to what levels within the dimension the user can see. So an important note, if you would like for the user's security to ALSO dictate what totals they can view, no matter which dimension is included within the report, you will need to UNCHECK the option 'Include secured member values in presummarized computations' on the first screen of the Cube Designer when you build the cube. Because you DO NOT want to include these secured member values in any presummarized computations - you need the SAS Metadata Server to authenticate the user to access certain member values & then run the calculations.
Included below is the screenshot where this option is available:
1 Comment
On the OLAP Server Users Guide you can find also an interesting feature available in 9.2M3: Applying Batch Security with Permission Tables
When applying permissions to a cube, you might need to address permissions for different combinations of users, groups, SAS OLAP Servers, schemas, and cubes, as well as different elements of the cube, including the dimensions, hierarchies, levels, and measures. For example, you might need to grant ReadMetadata and Read access to the group that contains specific cube users. Or you might need to restrict Read access for different components of a cube (dimension, hierarchy, level, or measure) using MDX conditions for each cube component, per user, consumer, or group. These various combined permission settings can be easily created and managed with batch security that is applied through permission tables.
Starting in the third maintenance release for SAS 9.2, you can specify batch security in SAS OLAP Cube Studio and SAS Data Integration Studio with the Manage Permission Tables function. The Manage Permission Tables function enables you to create a special SAS data set known as a permission table that contains cube access controls for submitting in bulk. A permission table is a table of access control information that can later be applied to a cube with batch SAS code. The Manage Permission Tables dialog box enables you to create and modify permission tables as well as import access controls (permissions) from a cube or an OLAP schema. You can also execute the code interactively or export the code to a file for use in a stored process or deployed job flow.
When a cube is created, security for that cube is determined by the permission settings that are found in the cube metadata. In SAS OLAP Cube Studio, permission tables will appear in the metadata tree as a table. You must have WriteMetadata access to create and modify permission tables. To access the Manage Permission Tables function in SAS OLAP Cube Studio, select Tools Manage Permission Tables. The Manage Permission Tables dialog box opens.