Example 3—Using the Except Function to Exempt Members from a Denied Set

In this example, a database role has the dimension security settings that are shown in the following table.

Attribute	IsAllowed	AllowedSet	DeniedSet	ApplyDenied	VisualTotals
State	True			True	False
City	True		EXISTS (City..Members, EXCEPT (State.members, {CA}))	True	False
Gender	False			True	False

The results of these dimension security settings are the following:

• The denied set that is specified for the City attribute limits the visibility of descendants of newly added members of the State attribute through the EXISTS and EXCEPT key words.

• The Gender attribute is not visible because the IsAllowed property for this attribute is set to False.

Reviewing the Result Set

Based on these dimension security settings for the role (and based on cube access to all cells), the following result set is returned from the cube when all members are queried.

All Level	State	City	Gender	Sales Amount
All Offices				27300
	California			12900
		San Jose		4200
		San Francisco		4400
		Los Angeles		4300
	Washington			8700
	Oregon			5700

See Also

Tasks

Granting Custom Access to Dimension Data

Concepts

Example 1—Explicitly Specifying an Allowed Set

Example 2—Explicitly Specifying a Denied Set

Example 4—Using the Exists Function to Exempt Members from a Denied Set

Example 5—Using the Exists Function to Specify an Allowed Set

Example 6—Using the Exists and Except Functions to Specify Allowed and Denied Sets