Data warehouses (DWs) contained high sensitive data, and therefore, it is essential to specify security measures from the early stages of the DW design and enforce them. Access control models for transactional (relational) databases, based on tables, columns and rows, are not appropriate for DWs. Instead, security and audit rules defined for DWs must be specified based on the multidimensional (MD) modeling used to design data warehouses. So far, very few approaches represent security measures in the conceptual modeling of data warehouses form the early stages of a DW project. Moreover, these security measures cannot be directly represented in the relational model for data warehouses, thereby having a semantic gap between the conceptual and logical schemas. In this paper, we present an extension of the relational model to consider security and audit measures represented in the conceptual modeling. To accomplish this, we based on the Relational Package of the Common Warehouse Metamodel (CWM) and extend it to properly represent all security and audit rules defined in the conceptual modelling of data warehouses. Finally, to show the benefit of our approach, we apply our proposal to a health care case study.