70-466 · Question #160
You are designing a SQL Server Analysis Services (SSAS) cube. You need to implement custom security. The cube contains a Product dimension. Users are part of either the Sales, Marketing, or Product Ma
The correct answer is A. Create three roles and define security on the Product dimension attributes by using dimension data security.. Three separate SSAS roles with dimension data security correctly restricts each group to specific product category members while supporting independent custom business rules per role.
Question
Options
- ACreate three roles and define security on the Product dimension attributes by using dimension data security.
- BCreate one role and define security on the Product dimension attributes by using dimension data security.
- CCreate three roles and define security on the Product dimension attributes by using attribute security.
- DCreate one role and define security on the Product dimension attributes by using attribute security.
How the community answered
(25 responses)- A76% (19)
- B12% (3)
- C4% (1)
- D8% (2)
Why each option
Three separate SSAS roles with dimension data security correctly restricts each group to specific product category members while supporting independent custom business rules per role.
Creating three distinct roles allows Sales, Marketing, and Product Manager users to each have independent security definitions, preventing permission conflicts between groups. Dimension data security in SSAS uses MDX-based allowed member sets to filter which dimension members (Bikes, Clothing, or all products) are visible to members of each role. This combination directly satisfies the requirement for multiple security groups with separate category-level visibility rules.
A single role cannot independently restrict different users to different product categories because all members of one role share the same permission set.
Attribute security controls access to dimension attributes and hierarchies themselves, not the specific member values within a category such as Bikes or Clothing.
One role with attribute security neither separates permissions by user group nor filters dimension members by category value, failing both requirements.
Concept tested: SSAS multidimensional dimension data security role design
Source: https://learn.microsoft.com/en-us/analysis-services/multidimensional-models/grant-custom-access-to-dimension-data-analysis-services
Topics
Community Discussion
No community discussion yet for this question.