Hi,
We are running SSAS 2019 Tabular Models. We have multiple roles setup, each role linked to a security group in active directory. The roles are used to hide fields within the cube for certain users.
We have discovered that if we move a user from one active directory group to another, and therefore now belong to a different role, the users permissions do not change. They continue to have the same access as if they are in the original role. This extends to access to an entire model. If we add them to a new active directory group to give them access to anew model, this also doesn't work.
If the user did not have any permissions to begin with the changes do apply.
The only way to reset the permissions is to rebuild the cube. Refreshing the cube or doing a CreateAndReplace on the roles makes no difference.
We have been using tabular models for 6 years and it's only recently that we've found this issue. It's not a common thing to move people around but in the past we never had this problem. I've found the last two users we've made these changes, they have both failed to get new permissions and a cube rebuild or recreating the user was necessary.
Anyone else had this problem. It sound bizarre and i expect there is a good reason why this is happening and there is an easy fix.
Regards.
Simon.