SSAS - Security

About

SSAS relies on Windows authentication to authenticate users. After a user has been authenticated, SSAS controls permissions within the databases based on the user’s role membership.

Articles Related

Semantic

Entities and resources

• Principals are entities that can request SQL Server resources.
• Securables are the resources to which the SQL Server Database Engine authorization system regulates access.

Role

Role permissions are database-specific.

• SSAS has a single fixed server role for administrators. Members of this role have full permissions to perform any action in the instance.
• Administrators can create database roles for users.

Installation

After an installation of an instance of SSAS, only the members of the server role have server-wide permissions to perform any task within the instance of SSAS. By default, no other users have any access permissions to the objects in the instance.

Management

Members of the SSAS server role can grant other users access to server and database objects by using:

• Microsoft SQL Server Management Studio,
• SQL Server Data Tools,
• or an XML for Analysis (XMLA) script.

Test

In order to test the permission, the user or role credential must be changed.

Change User

• In the Cube Designer, on the Browser tab, the Change User button.

• In Role Designer, on the Cell Data tab, the Test cube security hyperlink. (It will save objects if necessary and will defaults to the current role)

Run As

Windows “Run as” feature to start an application such as SQL Server Management Studio, and test administrative permissions such as those granted through membership in the server role or the database-level Full Control (Administrator) permission.