Regarding security in Analysis server i've the follwoing requirements :
1 ) Regarding dimension security there is a requirement to dinamically target members of dimensions regarding previous selections of other members of other dimensions.
Suppose i have dimensio A with members a1,a2,a3 and dimension B with members b1,b2,b3. Each profile will tell me wich members of which dimensions are allowed to be selected and seen by the end-user. For example if a specific profile only allows the selection of Member a1 with Member b2, then if the user selects a1 from dimension A he can only se then member b2 from dimension B. Is this possible to implement this kind of requirement using UDF functions ? Which are the performance implications ?
2 ) Also we need to apply diferent levels of confidentiality to facts in the fact table. Using a dimension with those levels does not help because the user can only se the facts of his role (that' ok) but then the agregates will be incorrect (because the fact's that he can not see will not be included in the aggregation rules defined). Is there any way to hide facts from the user which does not have the correct profile to acces the fact and garantee that all oher values calculated are still the same ? I've tried using cell security and explicity witten MDX formulas too identity the cross-values that are allowed , but the combinations may be large and changing faster. Can i implement cell security based just on the security value of the fact ?