FM Security

[cognos05]

Hi ,

I have mostly been building cubes in transoformer and using custom views for security .
I wanted to understand if whats the right place to define security for a fm model having a star schema .

Assume  I have dimensions like product and customer and a fact table sales .

So i have this customer table having customers belonging to different regions and areas.

so now if i define the security on customer table , will it show all records in the fact if the customer is not used in the query and if just product and sales are used?

so any row level filters has to be done only on fact table ?

If we define the row level security on a fact table , then can users see all the values of customer table ?

so how does this concept work here , should we maintain security on both places?

Example say i have to create a group who can see only customers sales from region1 , so should i now filter the fact for this group with region1 or should i filter the query subject customer with value for region1 .

Any suggestions is appreciated.

Thanks,

[bus_pass_man]

I ended up creating the security filters on both the fact tables -- to ensure that all queries would be filtered to only show the values allowed, no matter whether a particular dimension which has a security filter is in the query or not -- as well as the dimension tables.  It produces duplications of the filter but if there is a magic way to do it otherwise, I have not seen it documented.