An OLAP Requirements Example: CompSales International (part 16) - Security and Roles

Security and Roles

Security is straightforward in SSAS. For each database or cube, roles are identified with varying levels of granularity for users. Roles are used when accessing the data in cubes. The process works like this: a role is defined, and then an individual user or group who is a member of that role is assigned that role. To create the roles you need for this data, you right-click on the Roles entry in the Solution Explorer and select New Role. Figure 66 shows the creation of a database role with process database and read definition permissions.

Figure 66. Creating a database role and permissions in the role designer.

The other tabs of the role designer allow you to further specify the controls, such as which members you want to have this role (Membership tab), what data source access you want (Data Sources tab), which cubes can be used (Cubes tab), what specific cell data the role has access to (Cell Data tab), what dimensions can be accessed (Dimensions tab), what dimensional data can be accessed (Dimension Data tab), and what mining structures are allowed to be used (Mining Structures tab). These are additive. As you can see in Figure 67, you can also specify full MDX queries as part of the process of filtering what a member and role can have access to.

Figure 67. Specifying MDX-based filtering, using the role designer.