nerdexam
Microsoft

70-466 · Question #160

You are designing a SQL Server Analysis Services (SSAS) cube. You need to implement custom security. The cube contains a Product dimension. Users are part of either the Sales, Marketing, or Product Ma

The correct answer is A. Create three roles and define security on the Product dimension attributes by using dimension data security.. Three separate SSAS roles with dimension data security correctly restricts each group to specific product category members while supporting independent custom business rules per role.

Configure and maintain an analysis services database

Question

You are designing a SQL Server Analysis Services (SSAS) cube. You need to implement custom security. The cube contains a Product dimension. Users are part of either the Sales, Marketing, or Product Managers roles. Sales users must be able to view only products that belong to the Bikes category. Marketing users must be able to view only products that belong to the Clothing category. Product Managers must be able to view all products. The solution must support multiple security groups and custom business rules. What should you do?

Options

  • ACreate three roles and define security on the Product dimension attributes by using dimension data security.
  • BCreate one role and define security on the Product dimension attributes by using dimension data security.
  • CCreate three roles and define security on the Product dimension attributes by using attribute security.
  • DCreate one role and define security on the Product dimension attributes by using attribute security.

How the community answered

(25 responses)
  • A
    76% (19)
  • B
    12% (3)
  • C
    4% (1)
  • D
    8% (2)

Why each option

Three separate SSAS roles with dimension data security correctly restricts each group to specific product category members while supporting independent custom business rules per role.

ACreate three roles and define security on the Product dimension attributes by using dimension data security.Correct

Creating three distinct roles allows Sales, Marketing, and Product Manager users to each have independent security definitions, preventing permission conflicts between groups. Dimension data security in SSAS uses MDX-based allowed member sets to filter which dimension members (Bikes, Clothing, or all products) are visible to members of each role. This combination directly satisfies the requirement for multiple security groups with separate category-level visibility rules.

BCreate one role and define security on the Product dimension attributes by using dimension data security.

A single role cannot independently restrict different users to different product categories because all members of one role share the same permission set.

CCreate three roles and define security on the Product dimension attributes by using attribute security.

Attribute security controls access to dimension attributes and hierarchies themselves, not the specific member values within a category such as Bikes or Clothing.

DCreate one role and define security on the Product dimension attributes by using attribute security.

One role with attribute security neither separates permissions by user group nor filters dimension members by category value, failing both requirements.

Concept tested: SSAS multidimensional dimension data security role design

Source: https://learn.microsoft.com/en-us/analysis-services/multidimensional-models/grant-custom-access-to-dimension-data-analysis-services

Topics

#SSAS roles#dimension data security#attribute security#custom security

Community Discussion

No community discussion yet for this question.

Full 70-466 Practice