Database Reference
In-Depth Information
Administrative security
Administrative permissions can be granted at two levels in Analysis Services: at
the server level and at the database level. To become an Analysis Services server
administrator, a user must be a member of the special, server-wide administrators
role. Users can be added to this role when Analysis Services is installed, or by
right-clicking on an instance in the Object Explorer pane in SQL Management
Studio, selecting Properties on the menu, and going to the Security page in the
Analysis Services Properties dialog. Server administrators have no restrictions
on what they can do; also, certain tasks, such as creating databases, can only be
performed by server administrators. As a result, it's likely that we'll have to be a
member of this role while we're developing our cube.
Database-level administrative permissions are granted in the database roles we've
just been introduced to in the preceding sections. By checking the Full Control box
on the General tab, we can grant role-full administrative permissions to the database.
This means members of the role can create new objects, edit existing objects, process
objects, and so on. In the unlikely event that we need finer grain control over
administrative permissions, you can grant the following two permissions on either
the entire database or individual objects:
Read Definition: : This allows members of a role to read the XMLA definition
of an object, without being able to modify it or read data associated with it.
If a user needs to be able to view an object in SQL Management Studio or BI
Development Studio (while connected to the database in Online mode), they
need to be a member of a role which has this permission.
Process : This allows members of a role to process an object.
Data security
There are three different types of data security that we can implement: we can grant
members of a role permission to access entire cubes; and we can control access to
data within a cube by granting or denying access to individual cells (Cell security)
or individual members on dimension hierarchies (Dimension security).
Granting Read Access to Cubes
Before a user can access any data in a cube, they need to be a member of a role that
has Read permissions on that cube. A role can be granted Read permission on a cube
by selecting Read on the Access drop-down box next to the cube name on the Cubes
tab of the Role Editor as shown in the following screenshot:
 
Search WWH ::




Custom Search