Security and Roles
Security is straightforward in
SSAS. For each database or cube, roles are identified with varying
levels of granularity for users. Roles are used when accessing the data
in cubes. The process works like this: a role is defined, and then an
individual user or group who is a member of that role is assigned that
role. To create the roles you need for this data, you right-click on
the Roles entry in the Solution Explorer and select New Role. Figure 66 shows the creation of a database role with process database and read definition permissions.
The other tabs of the role
designer allow you to further specify the controls, such as which
members you want to have this role (Membership tab), what data source
access you want (Data Sources tab), which cubes can be used (Cubes
tab), what specific cell data the role has access to (Cell Data tab),
what dimensions can be accessed (Dimensions tab), what dimensional data
can be accessed (Dimension Data tab), and what mining structures are
allowed to be used (Mining Structures tab). These are additive. As you
can see in Figure 67, you can also specify full MDX queries as part of the process of filtering what a member and role can have access to.