There are a lot of questions in here.
First, if all your cubes are sharing the same scenario dimension, then it is true that any security groups you put here on any scenario:
Are not cube specific. The security groups above apply to all cubes in which those scenarios are used.
Are you saying that you have for example S#Actuals which has a security group of "003_SCN_ACTUAL_READ" by example, and in CB#Cube1 :S#Actuals certain people can read actuals but in CB#Cube2:S#Actuals, those same people should not be able to read actuals?
One option is to control security at the cube level. For example, either grant or deny cube access here:
But if those people need access to both cubes, and should just not have read to Actuals in one cube but should have it in another cube, then this will not work.
Then your next option is slice security. Slice is specific to the entity dimension and cubes. If your two cubes do not share the same entity dimension, then you can turn on slice for the cube in which you want to restrict people from reading Actuals by setting all entities in that cube to True here:
And then set up slices on that cube to restrict people's read access to Actuals.
If they share the same entity dimension, you would still set the above to True, but then only set up slices on the cube to which you are trying to restrict.
I hope that helps, hard to explain all the layers to security in a single post!
