Analysis Services Security - SQL Server Analysis Services 2012 Cube Development

Database Reference

In-Depth Information

Managing database-level security

Each SSAS instance could be shared for multiple projects. As long as databases

can fit on the data drive and SSAS can handle processing and querying requests ef-

ficiently, there is no reason why you couldn't have many databases on a single in-

stance. This is particularly true in development and quality assurance environments.

Since each instance could be shared by multiple developers, it's generally best to

provide each developer with the necessary permissions for the database that he/she

is responsible for instead of granting unlimited server-wide permissions.

Database-level security is implemented through roles within each SSAS database.

Each database can have many roles, normally one role per group of users that needs

a specific level of access. Keep in mind that SSAS permissions are additive; if a user

belongs to multiple groups, he/she will have all permissions available to each of the

groups that he/she is a part of.

How to do it...

To define database-level permissions, perform the following steps:

1. Use SSMS to connect to the AdventureWorksDW2012 database on your

SSAS instance, right-click on the Roles folder within the database, and

choose New Role . This activates the Create Role dialog.

2. Specify a descriptive role name on the General tab of the dialog. Optionally,

you can also specify the role's description.

3. The General tab allows you to specify three levels of database access:

• Full control (Administrator) : This level includes unrestricted access

to create, alter, process, and drop objects within the database but not

on other databases within the same instance. If you check this option,

the other two options are automatically selected because they repres-

ent subsets of full database-wide permissions. This option also allows

members to trace the Analysis Services activity within the current data-

base.

• Process database : This self-explanatory option allows us to process

each object within the database. If you grant this option without the

ability to read definition, the user will not be able to see the objects

using any tool including SSMS but can still run XMLA commands for

Search WWH ::

Custom Search

Home