Professional Documents
Culture Documents
Contents
Overview of SSAS Security
The Use Case
The Problem
The Solution
Conclusion
SSAS Security
Overview
Cube
Dimension
Dimension Data (row level)
Individual Cells
Static
Dynamic
Custom
er
Enters the
order into
the ERP
system
Sales
Rep
Taker
Sees
measures
for items
which he
sold
Sees
measures
for items
which he
entered
Invoice
generated
Invoice Data
Dimensional Model
High-level Star Schema
Sales Rep
SalesRepKey
LoginID
FullName
Region
Taker
TakerKe
y
LoginID
FullNam
e
Branch
Example 2: Taker
Has access to all transaction which he/she entered
InvoiceLineItem => Taker.LoginID = Current User
Sales
Sales
Rep =
Rep
Current
=
User Current
User
Taker Taker =
=
Current
Current User
User
The Problem
10
Invoices where
Taker OR Sales Rep
=
Current User
Invoice Universe
11
12
Invoices where
Taker OR Sales Rep
=
Current User
Invoice Universe
13
Invoices
allowed by
Taker role
Invoices
allowed by
Sales Rep
role
Invoice Universe
15
The Solution
16
17
19
20
Conclusion
23
Conclusion
SSAS provides a useful model for securing data within a cube based on
dynamic business rules defined within the cube itself
This model employs a so called additive approach when combining multiple
security roles for a single user
However, there may be some surprising (and undesirable) consequences
when a user has multiple roles based on different dimensions
There are 2 primary solutions to achieve this use case:
Monolithic Security Dimension
Custom Role Assembly
We have found the Monolithic Security Dimension to be a relatively clean
and effective approach, which fulfills the business requirements and leverages
out-of-the-box SSAS functionality rather than requiring a custom assembly
24
25
26
27
28
29
30
31
32
33