Skip to Content
0
Jul 11, 2011 at 08:10 AM

Security - Invalid members restriction

19 Views

Dear Experts,

In one of our dimension master, many members are invalid. So our management has dicided to restrict certain users not to see these invalid mambers from CV(in excel and web). When we try to deny acces for these members in different profile(member access profile) it is not working as explained in security document.

Eg:Entiry dimension hierarchy is as below

H1

WorldWide

-Sales

---Sales Asia

-


Sales Korea

-


Sales Japan

---Sales Europe

-


Sales Italy

-


Sales France

**User1 does not belong to any team.

  • There are two member access profiles: ProfileA and ProfileB.

**Both the profiles are assigned to the user.

The member access profiles are described in the following table:

Member access profile| Access   |Dimension  |Member
-----------------------------------------------------------------
ProfileA                    |Denied      |Entity         |SalesAsia

ProfileB                    |Read Only |Entity        |Sales

In this case, the least restrictive profile between the two, ProfileB (Read Only), is applied. As a result,

ProfileA is ignored by the system, and User1 is able to retrieve data from both SalesKorea and

SalesItaly.

If we define both in same profile as follows its working fine.

Member access profile| Access   |Dimension  |Member
-----------------------------------------------------------------
ProfileA                    |Denied      |Entity         |SalesAsia

ProfileA                    |Read Only |Entity        |Sales

In this case User1 is able to see Sales Italy data but not Sales Asia.

We can achieve our requirement by maintaining all existing profiles by adding invalid members as denied. But we have to change many profiles(100+) . Thats why we are trying to include all invalid members under one profile (for easy maintainance) and assign this at team level.

Is there any way to acheive this with out changing existing profiles.

Thanks in advance...

regards,

Raju