Consider the following scenario:
- You implement dynamic security for an Analysis Services database in Microsoft SQL Server 2012 or SQL Server 2014.
- You add a logon ID (domain\username) to a database role that has denied access to a specific dimension member.
- You connect to the database by specifying the given logon ID and the database role in the connection string.
- You create a session cube based on an existing cube that you have read access to.
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.