FIX: User obtains incorrect data when two users in the same security role run a client report in SSAS 2012 or SSAS 2014

Applies To
SQL Server 2012 Analysis Services

Symptoms

Assume that you have a role that is defined with dynamic security based on USERNAME in a database of Microsoft SQL Server 2012 Analysis Services (SSAS 2012) or SSAS 2014. When two users in this role run the same client report (The same Multidimensional Expression (MDX) or Data Analysis Expressions (DAX) query is submitted in this manner) at the same time, one user cannot obtain the data as expected but instead obtains data that belongs to another user.

For example, Employee A and Employee B are both members of a security role. Employee A opens the report in Excel service first, then B opens the same report immediately when A's report is still executing (the underlying MDX is still running). In this situation, A will see the correct data as expected. However, B will see A's data unexpectedly.

Resolution

The issue was first fixed in the following cumulative update of SQL Server.

Cumulative Update 4 for SQL Server 2014 /en-us/help/2999197

Cumulative Update 2 for SQL Server 2012 SP2 /en-us/help/2983175

Cumulative Update 11 for SQL Server 2012 SP1 /en-us/help/2975396

About cumulative updates for SQL Server

Each new cumulative update for SQL Server contains all the hotfixes and all the security fixes that were included with the previous cumulative update. Check out the latest cumulative updates for SQL Server:

      

      

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.