Restricted data is not protected correctly by OLS in SQL Server 2017 Analysis Services

Applies to: SQL Server 2017 on Windows

Symptoms


There is a potential leak of restricted data that is not protected correctly by the Object-Level Security (OLS) system in Microsoft SQL Server 2017 Analysis Services. The OLS system does not restrict access to data and metadata correctly in cases in which a measure that is defined in a query has a reference to a secured column or table. For this reason, the restricted data is exposed. Because of this vulnerability, a user can bypass the protection and get access to the restricted data.

References


Learn about the terminology that Microsoft uses to describe software updates.