SQL Server Analysis Services: Analysis Services: Data Security

SQL Server Analysis Services data security issues correspond to the security issues of the Database Engine. This means that SSAS supports the same general features—authorization and authentication—that the Database Engine does, but in a restricted form.

NOTE The following description of data security is related to the Multidimensional model. Because data security is an issue of the server, security concerning the Tabular model is similar.

Authorization defines which user has legitimate access to SSAS. This issue is tightly connected to the operating system authorization. In other words, SSAS imposes user authorization based on the access rights granted to the user by the Windows operating system.

You can limit the number of users that can perform administrative functions for SSAS. You can also specify which end users can access data and delineate the types of operations they can perform. Additionally, you can control their access at different levels of data, such as the cube, dimension, and cube cell level. This is done using roles.

A role is a containing object for a group of users. Windows credentials mentioned previously are assigned to roles within the model. By specifying roles, you establish the membership of the users in Analysis Services. Because permissions are assigned by role, a user must be a member of a role before the user has access to any object.

There are two types of roles:

  • Server role
  • Database role

The server role defines administrative access of Windows users and groups to an instance of Analysis Services. Members of this role have access to all Analysis Services databases and objects on an instance of Analysis Services, and can perform all administrative tasks.

A database role defines user access to objects and data in an Analysis Services database. A database role is created as a separate object in an Analysis Services database, and applies only to the database in which that role is created. Windows users and groups are included in the role by an administrator, who also defines permissions within the role.

Source: Petkovic Dusan (2020), Microsoft SQL Server 2019: A Beginner’s Guide, Seventh Edition-McGraw-Hill Education.

Leave a Reply

Your email address will not be published. Required fields are marked *