Database Reference
In-Depth Information
Chapter 7. Securing Your Cube Project
Data warehouse solutions often contain sensible information such as economic in-
formation about a company. A cube built on top of a data warehouse enables users
to query the information using an easily understandable structure and provides the
ability to query large amounts of data in an instant. Because of this, security is of ut-
termost importance. Analysis Services contains the functionalities needed to secure
the most sensitive data down to the individual cell. This means that you can, for ex-
ample, easily create a cube that only allows the users to see individual product lines
or regions, or you can create a cube that allows users to only see data at a certain
granularity.
Ensure that you create a security model that is as simple as possible; a complex mod-
el can be a nightmare to maintain. A complex model can also make it hard for the
user to understand why they see a specific value when performing analysis. A user
may think that they see a value for the entire product line, but security may limit them
to only see this for a specific region or a date range, which may not be clear to the
users.
In this chapter, we will look at how you can secure your cube project. The chapter will
cover the following subjects:
• Securing the cube through fixed server roles and custom roles
• Securing dimensions
• Specifying user rights on measures
• Implementing and testing data security
• Securing cubes through dynamic security
Understanding role-based security
The fundamental security object in Analysis Services is a role. A
role
defines the con-
nection between the security object in Windows, which are groups and users, and the
security definitions that you specify in the cube. You can think of the role as a group
of users and groups.
By default, there are no defined roles in Analysis Services except for the fixed server
role that provides administrative access to the server.
Search WWH ::
Custom Search