Dear Experts,
In one of our dimension master, many members are invalid. So our management has dicided to restrict certain users not to see these invalid mambers from CV(in excel and web). When we try to deny acces for these members in different profile(member access profile) it is not working as explained in security document.
Eg:Entiry dimension hierarchy is as below
H1
WorldWide
-Sales
---Sales Asia
-
Sales Korea
-
Sales Japan
---Sales Europe
-
Sales Italy
-
Sales France
**User1 does not belong to any team.
**Both the profiles are assigned to the user.
The member access profiles are described in the following table:
Member access profile| Access |Dimension |Member
-----------------------------------------------------------------
ProfileA |Denied |Entity |SalesAsia
ProfileB |Read Only |Entity |Sales
In this case, the least restrictive profile between the two, ProfileB (Read Only), is applied. As a result,
ProfileA is ignored by the system, and User1 is able to retrieve data from both SalesKorea and
SalesItaly.
If we define both in same profile as follows its working fine.
Member access profile| Access |Dimension |Member
-----------------------------------------------------------------
ProfileA |Denied |Entity |SalesAsia
ProfileA |Read Only |Entity |Sales
In this case User1 is able to see Sales Italy data but not Sales Asia.
We can achieve our requirement by maintaining all existing profiles by adding invalid members as denied. But we have to change many profiles(100+) . Thats why we are trying to include all invalid members under one profile (for easy maintainance) and assign this at team level.
Is there any way to acheive this with out changing existing profiles.
Thanks in advance...
regards,
Raju
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.