Hi,
It's definitely an SSAS thing. The above info gave me an idea.
After some research i ran the following:
Select * from $System.Discover_Connections
I showed there was an active connection. I then ran the following to kill that connection.
<Cancel xmlns="http://schemas.microsoft.com/analysisservices/2003/engine">
<ConnectionID>6097</ConnectionID>
<CancelAssociated>1</CancelAssociated>
</Cancel>
Changing permissions, running this for the relevant connection we reset the security and allow it to be applied.
I am not sure whether this supposed to happen but at least now i've got a solution. Changing of permissions is all done via applications so we could reset the persons connection if we change their permissions.