SSAS: Securing Analysis Services Part 3

Having created a server admin and a database admin we now need to add a business user who will have permissions on very specific aspects of the cube. This is important because most cubes within large organizations will contain information that is of a sensitive nature. As a result we need a mechanism by which the users can be bifurcated based on their job role. A simple example of such an implementation would be a company that performs internet sales of technology products. While customer care or business analysts have a justification to view sensitive customer information like credit card info etc. Tech support and manufacturing do not have any justification to access this information. However since all the data is part of the same cube we need to be able to make sure that this data is out of bounds to the unwanted users. We can implement this using the roles feature within SSAS as before.

Let us first create the role which defined what the user can and cannot do. In this case we navigate to the database and open up the roles folder as before.

Press create New Role

In this example we are going to create a role such that the user has access only to product information and not the credit card information.

Enter the name of the role as ProductReader and then check the box for Read Definition.

Next click the membership option on the left hand side and press the Add button and add the user ProdUser.( to see how to create a new user account refer this link).

Next click Datasource, since we have only one Datasource the user will need access to read this data source.

Next we navigate to the Cubes option on the left hand side

Since we have only one Cube we need to set access to the cube for the user can connect to it.

We do this by setting the Access to Read.

Next we need to explicitly state which cells within the cube the user has access to.

Please Consider Subscribing


Leave a Reply