This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(227.2, 11%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESK%3C/text%3E%3C/svg%3E)
Hi There,
We are using a SSAS Tabular cube in our project and we implemented the role based security as mentioned below.
Role A - implemented object level security
Role B - implemented object level security
Role C - implemented object and row level(using DAX expression) security
they were 2 users who were added to above roles like mentioned below
User 1 - was part of Role A and Role B
User 2 - was part of Role A and Role C
post the cube security implementation, User 1 was able to access all the objects available as part of Role A and Role B
while it was throwing the below error while User 2 was trying to access the cube. Can any one help me ,what was the issue.
FYI: i implemented the similar functionality in my previous project and it was working fine.
Thanks
Santosh
A Microsoft online analytical data engine used in decision support and business analytics, providing the analytical data for business reports and client applications such as Power BI, Excel, Reporting Services reports, and other data visualization tools.
Hi @Santosh Kumar ,
Has your issue been resolved?
if you have any questions, please feel free to let me know.
If the answer is helpful, please click "Accept Answer" and upvote it.
Regards,
Joy
Hi @Santosh Kumar ,
i implemented the similar functionality in my previous project and it was working fine
It is currently not possible to have a user in multiple roles for row and object level security with dynamic filters. You need to be aware of with the way security works when users are part of multiple roles.
The exposure is very different with multiple roles. The security filters within a single role are combined with a logical AND. Where as the security filters for multiple roles are always unioned together, effectively combined with a logical OR. This is not a problem if the roles are filtering the same table eg. Customer[Country] = "USA" and Customer[Country] = "France" - in that case you get the expected result.
But it is very different if you have filters on different tables. For example if you have 2 filters on different tables like:
If these are specified in one role then you will only see data where Customer[Marital Status] = "M" AND Product[Color] = "Red"
If these are specified in two roles you will see data where Customer[Marital Status] = "M" OR Product[Color] = "Red" so you will see other colors for married customers and you will see other marital statuses for red products.
Best Regards,
Joy
If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.