Analysis Services

Dynamic Security white paper

From Richard Tkachuk’s site, a new paper on setting up simple dynamic security in AS2005:
…although it doesn’t mention any of the more complex ways of implementing dynamic security, such as calling a sproc to return the allowed member set or persisting the permissions inside a measure group. Incidentally there was an interesting thread on the MSDN Forum recently that had some interesting comparisons between how these two approaches performed:
To be honest I’ve gone off the idea of dynamic security because of the performance implications – it stops you making full use of caching. It would be interesting to see a comparison of query performance in complex security scenarios between dynamic security and creating individual roles.

5 thoughts on “Dynamic Security white paper

  1. > I\’ve gone off the idea of dynamic security because of the performance implications – it stops you making full use of caching
    This is interesting statement. I wonder why you singled out dynamic security, because any security stops you making full use of caching. Dynamic aspect of security is for the ease-of-management.

  2. Yes, but isn\’t it true that since dynamic security uses the UserName() function it stops the sharing of formula engine caches between users, unlike regular security roles?

  3. There is nothing magic about UserName function (no parethesis). The caches are not shared, because different roles have different data. Therefore whether you create multiple roles, or just one using UserName function – the FE caches won\’t be shared between roles/users in either case.

  4. Sorry, I\’ve been really bad at explaining myself… What I\’ve been meaning to say all along but not got round to saying is that in any large scale security implementation there are going to be multiple users who share the same access rights. In this case, using dynamic security, users who had the same rights would not be able to share FE caches whereas if they had been members of the same non-dynamic role they would have been able to. Isn\’t that right?

  5. I agree – it would be nice if someone stepped up to a "formal study" on various security options like:
    – Dynamic Security
    – Dynamic security with sproc
    – "Regular" dimensional role security
    – also HTTP access overhead

Leave a ReplyCancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.