Assume that you have a role that is defined with dynamic security based on USERNAME in a database of Microsoft SQL Server 2012 Analysis Services (SSAS 2012) or SSAS 2014. When two users in this role run the same client report (The same Multidimensional Expression (MDX) or Data Analysis Expressions (DAX) query is submitted in this manner) at the same time, one user cannot obtain the data as expected but instead obtains data that belongs to another user.
For example, Employee A and Employee B are both members of a security role. Employee A opens the report in Excel service first, then B opens the same report immediately when A's report is still executing (the underlying MDX is still running). In this situation, A will see the correct data as expected. However, B will see A's data unexpectedly.
The issue was first fixed in the following cumulative update of SQL Server.
Cumulative Update 4 for SQL Server 2014 /en-us/help/2999197
Cumulative Update 2 for SQL Server 2012 SP2 /en-us/help/2983175
Cumulative Update 11 for SQL Server 2012 SP1 /en-us/help/2975396
Each new cumulative update for SQL Server contains all the hotfixes and all the security fixes that were included with the previous cumulative update. Check out the latest cumulative updates for SQL Server:
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.