Using User login in rule to define Cell-Level Security

[Jonsulli]

Is it possible to use login information to define a specific access rule to a Cell-Level Security cube ? Because I can't use dimension security when I use a cell-level security cube.

[qml]

You can't do it directly, for 2 reasons. Firstly, the function TM1User() doesn't work in rules. Secondly, all security rules come into effect only when you refresh security, which means you would have to refresh it every time a person logs in.
There might be a way around it if you find a method of forcing a user to run a TI process whenever they log on. This TI process could get their user name, write it to a lookup cube (that would be used in the rule) and refresh security. That would be an awful solution, to be honest, but possible.
Another option - create 1 group uniquely assigned to each user (could be using rules if your naming convention is coherent) and use these groups in your cube security rules. Workable only if you have relatively few users.

[Jonsulli]

Thanks for your quick answer qml. You're right TI woud be a bad idea here.

However, I am surprised I can't combine the dimension security with the cell-level security then, may be i made a mistake and I shoud be able to combine both of them ?

[qml]

That's the way it works - cell-level security overrides any other security settings. Plus the impact on performance can be significant. Only use it if you absolutely have to and there is no way around it (like creating separate cubes with subsets of data that you want to give to specific users) or if the cube is very small anyway.

[David Usherwood]

While not challenging the potential performance hit of cell security (albeit I have'nt encountered it at my clients) you can of course link the element security cubes into your cell security rules.

[Jonsulli]

Thanks qml, i have no choice to use it now.
Well David, I will try this right now !