Skip to Content
avatar image
Former Member

Security Access to Parent but not Base member

In BPC Security, Is there a way to provide access to a parent member but not to the children that the parent rolls up to?

The user needs to see the aggregate amount in the Parent, but the requirement is for them to not have access to the child entities that make up that parent.

For example, say Entity is a secure Dimension, and I have Parent MyParent1. Under MyParent I have Child1, Child2, Child3.

The requirement is to allow the user to see the aggregate value in MyParent1, but not be able to see the values in Child1, Child2 or Child3.

Greg

Add comment
10|10000 characters needed characters exceeded

  • Follow
  • Get RSS Feed

3 Answers

  • avatar image
    Former Member
    Jun 21, 2010 at 07:35 PM

    I think there are 2 possiblities. One is to grant the user his own member access profile (since a user canhave more than 1), and ONLY give him access to the Parent. The non out of the box way I can see doing that is to write the aggregate value to a standalone member in a seperate or same parent hierarchy. That way the values are dsiconnected.

    Hope this helps.

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      If I'm not mistaken, once you grant access to a parent, you automatically give access to all of its children.

      I agree with the 2nd method, you can create a new member in which you inject the value of the parent (via an MDX formula for example).

      Hope this helps

  • Jun 22, 2010 at 04:09 AM

    Hi Greg,

    When you give access to parent it automatically assigns all the childunder that parent access to it. So you cant give access to only parent.

    You can try as suggested by creating a new dimension but it wont be feasible if there are many parent level as well.

    Regards

    Raman

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Jun 22, 2010 at 05:53 AM

    Hi

    I haven't done this but,

    What if you assign the user to a dedicated MAP with Read / Read&Write to the Parent and Deny one by one the children below it ?

    Would you get the result you want ?

    Halomoan

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      I had to get back to the admin. guide to review how map work, it's not 100% clear but I think it's feasible the way you describe it.