Roles mechanism
TimXox
I am trying to implement a security model for OLAP 2008. There are a lot of
users which have access to the same cube measures, but limited access to a
X - Dimension - each user may see only several ( 1,2, 100 top) members
which belongs to this particular user. Actually between User and X-Dim is
Many to Many relationship. The Roles mechanism is very attractive , but I am
not sure how to use it.
I cannot create a role for each user – too much. Id prefer to have one role
for all these users and somehow to allow a user to see just slice of X-Dim.
What options do I have?
Thanks,
Tim.
Classiarius
Roles are essential in our environment. Don't use just one role and
put everyone in that, you're much better off figuring out what types
of access roles you'll need to your cube(s) then creating the
appropriate number of roles which allows the finest grain. You can
even put lower-level roles as members of higher-level roles, and
integrate the entire hierarchy with Active Directory.
There are many resources available to learn to use roles, so I'd
suggest you find them, practice, and then enjoy a far simplified
security model.
TimXox
It doesn't matter how many roles I gonna create.
The problem is to separate a Role and a User.
For a particular User Id like to narrow access to a particular dimension.
I think it should be easy to do.
Thanks.
"Classiarius" wrote:
> .
>
Classiarius
There are several ways you can go, but you might want to:
1) Think of SSAS roles as AD groups
2) Create new AD groups with individuals in the new groups
3) Create SSAS roles with the same name (for simplicity) as the new
AD groups
4) Assign the new AD group to the new SSAS role
5) Define dimension, cube, etc. security for the SSAS roles
-This is done by opening the roles in BIDS and assigning desired
privileges