We’ve build a Finance OLAP Cube in SSAS which is mostly used/browsed by Accountants. Due to a “self-service” policy that is followed, users are in the meantime required to make use of Excel (with a data connection to the cube) as their reporting and/or analysis tool.
One of the dimensions, the Accounts dimension, contains the full list of accounts including a Chart of Accounts hierarchy. After the initial launch of the cube, users started to request alternative/custom Account hierarchies to cater for their reporting.
Most of these requested hierarchies (apart from the Chart of Accounts hierarchy) contain only a portion of the full list accounts e.g. Management Expense Hierarchy.
The initial approach was to create e.g. a Management Expense Hierarchy within the Accounts dimension with a “not applicable” attribute name for the non-management expense accounts. Users then needed to deselect the “not applicable” name from the “Management Expense Hierarchy” Pivot Field List in Excel whenever they dragged this hierarchy into the “rows” field. Not all users were satisfied with this option and requested that they only wanted to see the relevant accounts without deselecting items which lead us to utilize the attribute hierarchy select/deselect members of the Dimension Data section from Roles – which was not a successful.
The next approach was to utilize the Dimension Hierarchy Level Property – HideMemberIf “No Name” in order to show only the relevant Expense Management hierarchy levels/members and hide the non-management expense accounts.
This was achieved by creating a dimension called “Management Expenses” and adding an additional foreign key column in the fact table with a relationship to the Management Expense dimension. The non-management expense accounts were populated with a -1 key and a NULL attribute name.
The desired results were achieved in Excel with the HideMemberIf “No Name” BUT the “Grand Total in Excel” still shows the sum of ALL accounts
Excel Hierarchy Example
Any suggestions in order to resolve the “Grand Total” issue – i.e. to exclude the -1 entries also … will be much appreciated.
Can you create a scope statement in cube to nullify any values for your -1 entries?
Related
I am having a little trouble figuring out how to properly filter from the one side through a many relationship and back through to another one sided table.
The issue is that a Customer can have multiple accounts which can have multiple Customers.
In the attached image I am trying to filter from a Center# through the All Customer level and then add a filter on the List table to get the correct open accounts.
So the example would be I am looking for all Customers that are associated with Center A and are attached to an account type A.
The inactive one to many relationship from All Cust -> All Accts is what needs to be active instead of the All Cust -> Open table.
I am currently using:
CALCULATE([Cust Enrolls],CROSSFILTER('All Cust'[All Customer Number],'Open'[Primary Customer Number],Both))
to be able to filter for the account type, but that table's customer is just the single primary customer.
Any ideas on how I should either rework the model or how to create the correct measure?
Model
I would recommend re-working your Data Model so that you have a clear 1-M for each dimension table to your fact tables. This will save you a tremendous amount of time and headaches now and in the future by structuring your data properly.
I am building up a list that each list item will have certain permission groups applied by a workflow.
Other than the admin group which is applied to every item, it will be virtually impossible for any one group to have more records in any fiscal year that will exceed the list view threshold.
If a fiscal year list view filter webpart is provided will the view quantity stay below the threshold because of the item level permissions?
Indexes are set on Fiscal Year, Item Code, Department.
The threshold is on the original view and not on the filters applied to the view after the fact. The search web parts aren't affected by the threshold. That may be an alternative option for you.
Also, you may want to revisit your design if you can. You may eventually experience performance issues with all of those unique permissions.
I have to embed a PowerBI scorecard visual on a website. I've set up the scorecard in PowerBI Desktop, and it looks fine; the slicer for the scorecard filters the employee name.
I'd like for the employee that visits the company website to see only their data in the scorecard- in other words, their presence on the website would automatically filter the scorecard to reveal their statistics only. Fortunately, they have to login to the company's website by providing their Windows credentials.
I'm not sure how to go about doing this. I understand that I have to use the "Security" portion of the "Modeling" tab, and I've (successfully) created an explicit role for one viewer by using the following code:
'Table1'[Employee Name] = "John Smith"
Of course, this only reflects John Smith's statistics when I click "View as Roles." I don't think it's practical to explicitly write a DAX code snippet for every single employee, since my company has 3000+ employees.
Can anyone share any instructions, or lead me to some?
Thank you in advance.
I had to deal with a similar issue, though we view our dashboards within the Power BI service, so that is the authentication I am familiar with. The basis for this form of dynamic row level security is that the expression written is evaluated for each row in the indicated table to either True or False.
If your user has signed in to the you will be able to determine the identity using USERPRINCIPALNAME(). This is the email address they use to sign into the service.
Since you are displaying data specific to that user, it is possible you already have their email in your data. If that is the case, and it is simply another field in your table your validation line would look something like:
'Table1'[Email] = USERPRINCIPALNAME()
The left side of the expression refers to the row you are referencing, while the right will supply the name of the authenticated user. If you don't have that available in your existing data, you could use a DAX expression to lookup the Employee name from a list of emails and their associated names.
In this case, you only have one role which everyone needs to be assigned to, and the logic above will determine which rows they can see.
This is a simple example in which each employee can only see their own data. The model can be extended by creating 'security tables' with users and their associated records, and then utilizing the CONTAINS() function to check authorization, but it sounds like you have a 1-to-1 relationship with what individuals should be able to see.
I've encountered the following problem - I already have a working cube that processes lots of data on a schedule. The requirement I got now was to restrict the data in the cube according to specific logins. I'm aware of dynamic SSAS cube security through roles or even logins but I don't see them helping me as I have a kind of a hybrid scenario, and it is as follows:
For example, imagine you have a cube processing sales and income of an international trading company, and you belonged to a role of country directors; what I want to do is adjust permissions so that every country director sees all the measures and dimensions, but they see sales/income only from their country.
Is this possible?
All help is appreciated.
EDIT: I might not have made the best example above. My scenario is slightly different, in a way that there isn't a business rule that would place any two users in a same group. Basically, every user has to see only data that somehow refers to him/her. And this really can't be done manually as there's over 4000 users...
Best regards,
MK_
Yes, both Tabular and Multidimensional SSAS have row filtering options. In your scenario you need:
A Country dimension
Create a role for each Country that has directors
Assign each director to their specific role
Row filter each role by their correspondant Country dimension
If you connect an Excel pivot table to anlysis services, the Dimension in the field list show all their available attributes (that then can be pulled into the pivot). Our client wants these attribute names to appear in the selection list in a predefined ordering (not alphabetical). How can this be achieved ?
The short answer is: You cannot.
But what you can do is using display folders: For each attribute, you can define the "AttributeHierarchyDisplayFolder" hierarchy, for user hierarchies, the property is just called "DisplayFolder": You can enter any text for this property. Then, Excel displays the attributes/hierarchies within folders as configured. The folders are sorted alphabetically within the dimension, and the attributes/hierarchies are sorted alphabetically within the folders again. But by defining appropriate folder names, you can influence the display order at least partly.