Friday, May 18, 2012
Sign-up
Home

Videos

Forums

About
       Contact Us
       Meet the Instructors
You are @ Forums
 
 Ads
  

 
 Learn Microsoft BI Forum
 
  Learn Microsoft BI Forum  Core Servers  Analysis Servic...  How to create basic security roles using AD
Previous Previous
 
Next Next
New Post 11/11/2008 4:55 PM
  chasv
0 posts
No Ranking


How to create basic security roles using AD 

Hi,

I need guidance in beefing up the security in an SSAS 2005 cube that I manage. The cube was created with a single "everyone.role" which allows read access to the built-in role "everyone", all other tabs in the role are mostly blank or default leaving the cube very exposed. I have been tasked to limit the access in the cube to 2 distinct Active Directory groups. Lets call them Grp1 and Grp2. If a user is not in Grp1 or Grp2 then they have no access to the cube.

The primary access rules being:

  1. Data source is simple star schema, and for most dimensions and all their measures, both Grp1 and Grp2 are allowed to access and read the contents.
  2. For other dimensions (and all measures within this dimension), Grp1 is allowed full access but Grp2 must be denied access to the entire dimension (dimension level).
  3. For another dimension, Grp1 can access all, but Grp2 must only access some of the measures within this dimension (measure level).
  4. Lastly, Grp1 can access all calculated measures but Grp2 is only allowed to access some of the calculated measures.

Can anyone point me in the right direction, I am looking for a how-to or tut which can answer most if not all of my requirements listed above.

Thanks in advance, Chas.
 
New Post 11/12/2008 6:50 PM
  cutley
363 posts
1st Level Poster


Re: How to create basic security roles using AD 

Chas,

This sounds like the standard approach to security in SSAS. I haven't gotten around to a video on that yet but here's basically what you need to do:

  1. Create a new role and give it a meaningful name.
  2. In the Membership screen, add the group you want in that role.
  3. On the Cubes tab, give them Read access to the cube(s) in question.
  4. On the Dimension Data tab, choose the hierarchies/attributes and then select or deselect members as needed. This will cover numbers 1 and 2.
  5. On the Cell Data tab is where you set the measures and these are done in MDX. To give permissions to two different measures named Sales Amount and Tax Amt, you would check the "Enable Read Permissions" box and enter the following MDX: Measures.CurrentMember IS [Sales Amount] OR Measures.CurrentMember IS [Tax Amt]

A good place to start is here: http://msdn.microsoft.com/en-us/library/ms175408.aspx
 
New Post 11/13/2008 7:06 PM
  chasv
0 posts
No Ranking


Re: How to create basic security roles using AD 

Thank you very much, this has been a great help.
 
New Post 2/18/2009 12:46 PM
  anonymous
0 posts
No Ranking


Re: How to create basic security roles using AD 

Regarding dealing with security I'm stuck and really dont know how to implement the security in my app.

The scenario is:
The SSRS reports access SSAS cube to fetch and display data. These reports are embedded in a .net web application. The .net application manages user info itself i.e. using database. Is there a method by which only the .net application user can authenticate with the cube so that reports can view data. Just for info we are not allowed to create groups on the server. Only a local user account is created for our purpose.




 
New Post 2/18/2009 12:52 PM
  cutley
363 posts
1st Level Poster


Re: How to create basic security roles using AD 

Maybe... are SSRS and SSAS on the same or separate servers?
 
 Page 1 of 212Next 
Previous Previous
 
Next Next
  Learn Microsoft BI Forum  Core Servers  Analysis Servic...  How to create basic security roles using AD
  
Copyright 2011 by CIOBriefings LLC