150 IBM Cognos Dynamic Cubes
If there are no security filters for a hierarchy, all members are visible in the hierarchy.
However, absence of security filters on a hierarchy differs from the built-in
Grant All
Members
security filter.
If there are security filters, but none of the filters have a grant scope, all members that are
not explicitly denied will be granted.
7.3 Grant versus deny approaches to security
In Dynamic Cubes dimensional security, deny has precedence over grant. After a member is
explicitly denied, it cannot be accessed. Using a combination of deny filters further restricts a
access of the user to the members in a hierarchy. Conversely, using a combination of grant
filters builds out a user’s access to the members in a ...