Reputation: 33
SSAS Security Access Restriction
I have created a cube including user roles to restrict the access. Checking with Server Data Tools, everything works fine: the user do see limited data of a particular dimension. I added an user from Active Directoy to that role. After deploying the cube including the new created role and connecting with Excel to that cube with Single Sign On (SSO), I do see all data without any limitation.
What is missing?
Regards
Matt
Upvotes: 0
Views: 698
Answers (1)
Reputation: 11625
Two possibilities. Adding your own username (who is an SSAS admin I assume) to a role will not lower your permissions. You will still be a SSAS admin and can this see everything. If you want to limit your own permissions in Excel you must edit the connection string in Excel and add Roles=YourRoleName
If you are trying to restrict someone else's permissions make sure that other person:
- Doesn't have SSAS admin permissions
- Isn't a Windows admin because by default there is a BuiltInAdminsAreServerAdmins=True property in SSAS which would make Windows admins be SSAS admins.
- Make sure that user isn't also listed as a member in another role. Permissions across roles are additive in SSAS.
Upvotes: 1
Related Questions
- SSAS OLAP Cube: Row level security with Cube Roles
- How to grant access to only one perspective
- SSAS OLAP Cube Dynamic Security. Many dimensions in one role
- SSAS: Impersonation access (Service access)
- SSAS cube login specific security on data
- SSAS cube restrict data source by role
- ssas restricting access
- MSOLAP Connection String : Is is possible to access Cube as a particular user
- Cube-level security using CustomData
- SSAS Roles - Creating a Role to restrict access to the cube, by country