none
$cubeperm.Update() Fails "Either a permission for the role has already been created"

    Question

  • I can fully create roles in PowerShell using SMO but I can't create them in pieces. For example, if a role already exists and I want to update its cube access to Read or Read/Write, the update() gives the below response. Updating an attribute's AllowedSet for a Dimension gives a similar result. Can you update the attributes and various access after a role has been established?

    $rolenamefromquery = $SecRoleRow.Item("Role Name") "----------------------------------------------------" " + Processing Role: " + $rolenamefromquery #---------------------------------------------------------------------------------------------------------------------- $roleToModify = $ASdb.Roles.GetByName($rolenamefromquery) #$roleToModify = $ASdb.Roles.FindByName($rolenamefromquery) [Microsoft.AnalysisServices.Role] $roleToModify = new-Object([Microsoft.AnalysisServices.Role])($rolenamefromquery) foreach ($cube in $ASdb.Cubes) { “Giving [” + $roleToModify.Name + “] read access to the [” + $cube.Name + “] cube” $cubeperm = $cube.CubePermissions.Add($roleToModify.ID) $cubePerm.Read = [Microsoft.AnalysisServices.ReadAccess]::Allowed $error.clear() $cubeperm.Update()# | out-null }

    Produces:

    ----------------------------------------------------
      + Processing Role: TestExec
    Giving [TestExec] read access to the [Sales] cube
    Exception calling "Update" with "0" argument(s): "Either a permission for the TestExec role has already been created for this object, or the object does not exist.
    "
    At I:\SQL\Adjust Cube Access.ps1:50 char:9
    +         $cubeperm.Update()# | out-null
    +         ~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
        + FullyQualifiedErrorId : OperationException



    I found a thread here similar to my dimension attribute example, where a moderator mentions that you apply Dimension.DimensionPermission.AttributePermission and then run Dimension.Update().  However, Dimension.Update at this level does not apply.  It needs DimensionPermission.Update() somewhere in-between.

    $roleToModify = $ASdb.Roles.FindByName($rolenamefromquery)
    [Microsoft.AnalysisServices.Role] $roleToModify = new-Object([Microsoft.AnalysisServices.Role])($rolenamefromquery)
        $dim = $ASdb.Dimensions.FindByName(“Dim Tracker”)
    
            $dimperm = $dim.DimensionPermissions.add($roleToModify.ID)
            $dimperm.Read = [Microsoft.AnalysisServices.ReadAccess]::Allowed
    
                $att = $dim.Attributes.FindByName(“Company ID”)
                $attPerm = $dimPerm.AttributePermissions.Add($att.ID)
                $attPerm.AllowedSet = “{[Dim Tracker].[Company ID].&["+$SecRoleRow.Item("Company ID")+"]}”
    
            $dim.DimensionPermissions.Add($roleToCreate.ID) | out-null
    
        $error.clear()
        $dimPerm.Update() # gives the error
        #$dim.Update() #Does Nothing Here but wanted to try

    "You can add multiple AttributePermission objects, but you add them under Dimension.DimensionPermission.AttributePermissions and you would call Dimension.Update() after adding mulitple AttributePermission objects to that collection not Cube.Update()."

    Darren Gosbell



    Wednesday, October 30, 2013 6:39 PM