Dynamic Member Security

Admins can configure dynamic member security based on scripts, rather than basic member security based on static selections. This is the equivalent to setting row-level security dynamically. This enables admins to set efficiently security based using logic (using Identity functions), rather than by manual element selection.

Note: while basic member security is available for all supported data models, dynamic member security is not supported for MS OLAP, Tabular, SAP BW and SAP Hana models and cubes.

PQL Script Editor for Security

You can build your script in the PQL Editor, which displays a range of PQL functions and the meta-structure of the data model.

How to Set Dynamic Member Security

  1. After choosing the relevant data model and role, open the Member Security panel.
  2. Choose the required hierarchy from the Select Hierarchy panel.
    • Security tables and columns will appear under Member Security, and will displayed in red font; you can use them to build your script if relevant.
  3. Switch from Basic to Script from the drop down.
  4. Choose whether to enable or disable the members for the given role.
  5. Write your script; click Advanced Script icon (blue arrow) to open the PQL Security Script Editor.
  6. Click Apply to save changes.

Security Tables

If the data model contains security tables or columns, these will appear in the Select Hierarchy panel under Member Security, and will be displayed in red text (red highlight below).

Security tables are like normal tables but are often included in the data schema to allow for efficient scripting options when creating dynamic security logic. In this scenario, member security can be set for these hierarchies, and they can be used to build custom sets which are targeted to specified user roles using the PQL Identity functions when working from script mode.

Importantly, security tables are ONLY visible in the security editor for this purpose. They are not shown to end users for normal analysis, scripting or logic.