Database Reference
In-Depth Information
Managing cube-level security
You already learned how to define SSAS instance administrators and how to grant
the necessary permission to cube developers. Now, it's time to secure the solution at
the cube level so that each user is permitted to see only the data that they require to
perform their job functions.
Each database could have multiple cubes. Cube-level data is also secured using
roles, and (not surprisingly) cube-level security is defined on the
Cubes
tab.
How to do it...
Let's get started by performing the following steps:
1. Open the role that you created in the previous recipe, navigate to the
Cubes
tab, and note the
Access
,
Local Cube/Drillthrough Access
and
Process
settings.
2. Cube users could have three levels of access:
•
None
: They cannot read any data from the cube
•
Read
: They can read cube data
•
Read/Write
: They can read cube data and write-back values only if
write-back is enabled
3. The
DRILLTHROUGH
permission allows role members to execute drillthrough
actions and the
DRILLTHROUGH
MDX command against the specific cube.
You could have some users who need access to detailed data whereas others
could only require high-level summarized values.
4.
Local Cube
is an interesting option that allows cube users to download some
or all of the cube data to their local desktop/laptop for offline analysis. Clearly,
Local Cube is not a good option for saving an entire enterprise-level cube to a
laptop, but it could be useful if an executive needs to run a few reports during
his/her airplane trip to a remote office. If drillthrough / Local Cube access isn't
granted, users will receive errors when attempting to create a local copy of the
cube or drillthrough to detailed data.
Search WWH ::
Custom Search