Databases Reference
In-Depth Information
Figure 9-80
As you can see, the role of designer lets you easily specify the right access
permissions to the dimensions and cubes within an Analysis Services data-
base. If you have provided access only to the Adventure Works cube, but not
to the Mined Customers cube, then when you connect to Analysis Services
through SQL Server Management Studio as one of the users listed in the
role's membership, you will not see the Mined Customers cube. On the other
hand, if you assign a user to two roles, with one role granting access to the
Adventure Works cube and the other role granting access to the Mined Cus-
tomers cube, the user will see both cubes because role permissions are ad-
ditive. In BIDS, you can test the effect of security, including membership in
multiple roles, by browsing the cube under a specific role or a user. If you try
to browse a cube for which the current user or role has not been granted per-
missions, you will get an error message that says you do not have access to
the cube.
In this section, you have learned how to define access permissions (read or
write permissions) for cubes and dimensions. This ensures correct access re-
striction to a specific cube or a dimension as a whole to certain users query-
ing the database. Some business scenarios call for restricted access to just a
part of the dimension or cube. For example, if I am a sales manager in a
chain of retail stores, I might only be given access to view sales information
specific to my store. Defining the right security for dimension and cell data is
best learned through a scenario; expect to find out more about restricting data
access to users in
Chapter 19
. As for mining models, the Mining Structures
tab allows you to define security for mining models, which we will not be cov-
ering in this topic.
Search WWH ::
Custom Search