SlideShare uma empresa Scribd logo

Extending Role Security in Analysis Services for SQL Server

Kesavan Munuswamy
Kesavan Munuswamy

Extending Role Security in Analysis Services for SQL Server

EducaçãoTecnologia
1 de 10
Baixar para ler offline
Expert Reference Series of White Papers Extending Role Security in Analysis Services for SQL Server 1-800-COURSES www.globalknowledge.com
Extending Role Security in Analysis Services for SQL Server Bill Kenworthy, Global Knowledge Instructor Abstract The goal of this paper is to describe a method that allows users to browse an Analysis Services cube, limiting the user’s access by the user account used to connect to the cube. The method makes use of a many-to-many relationship established in the underlying online transaction processing (OLTP) database. Instead of maintaining many roles and assigning users to roles, the technique described uses a table in the data warehouse to link users or groups to the parts of a dimension to which they are allowed access. In a large organization, this simplifies security maintenance greatly. Introduction Given an OLTP schema, implement a data warehouse schema with tables that connect a user account using a many-to-many relationship from the user account to a dimension in the table. A cube is then created from the data warehouse which contains the many-to-many relationship. A role is created to implement dimensional security to limit what members of the dimension the user is able to view. The Steps Diagram 1. Data warehouse schema Diagram 1 shows the data warehouse schema and the relationship between the Security table and the Product dimension. This database was created by extracting appropriate data from the Northwind database, which is one of the sample databases supplied with SQL Server in the past. Northwind is a small, simple database that is useful for testing and prototyping. The Northwind database is still available from CodePlex as a downloadable script. After creating a simple data warehouse with a single-fact table and three dimensions (time, customer, and product)—two tables were added to implement the security model. Windows user accounts are listed in the Security table and linked to the Product dimension through the ProductSecurity table. Copyright ©2013 Global Knowledge Training LLC. All rights reserved. 2
Diagram 2. Contents of the two security tables, Security and Product Security The contents of my security table have two user accounts, Bill and William. The ProductSecurity table will link the user accounts to the dimension surrogate key, DimProductKey, in ProductDim. Bill is mapped to all products except to Beverages, whereas William is mapped to just Beverages. The simplicity employed here will make it easier to verify the results when I apply the role in the Cube browser. Diagram 3. The data source view for the cube The data source view brings in all the tables from my simple data warehouse. Because of the many-to-many relationship between the ProductDim and Security tables, I will build the first part of the project using the Cube wizard and the three-dimensional tables (CustomerDim, ProductDim, and TimeDim). Copyright ©2013 Global Knowledge Training LLC. All rights reserved. 3
Diagram 4. The Basic cube with four tables The Basic cube will need a measure group that links the ProductDim and Security tables. The relationship between ProductDim and Security is a many-to-many relationship in the underlying data source view, so a measure group is created that is mapped to the ProductSecurity linking table. Diagram 5. Creating the second measure group Copyright ©2013 Global Knowledge Training LLC. All rights reserved. 4
Next, we will add the security dimension. Diagram 6. Add the security dimension We now have a cube structure with a measure group mapped to the SalesFact table, a measure group mapped to the ProductSecurity table, and four dimensions (Customer Dim, Product Dim, Time Dim, and Security). Diagram 7. Cube with two measure groups Copyright ©2013 Global Knowledge Training LLC. All rights reserved. 5
Once the Product Security measure group and Security dimension are part of the cube structure, we must define the dimension usage in the Dimension Usage editor, which is the second tab from the left in the cube editor. Diagram 8. Add a relationship between the Security table and the Sales Fact measure Both measure groups are in place. A relationship must be added to connect the measure groups in a many-tomany relationship, which ties the user ID in the security table to the product key in Product Dim. The Product Security measure group serves as the linking element in the many-to-many relationship. Click on the ellipsis button to bring up the relationship editor. Diagram 9. Defining a many-to-many relationship Copyright ©2013 Global Knowledge Training LLC. All rights reserved. 6
The interface is simple. Choose “Many-to-Many” as the relationship type and choose “Product Security” as the intermediate measure group. This will then link the user ID in the security table to the Sales Fact table through the Product Security measure group. The Product Security measure group is in place simply to allow this relationship to be defined. The cube should process and deploy at this time. You can browse the cube in the cube editor browser. You should implement some dimensional hierarchies; this step is left up to the reader. Diagram 10. Browsing the cube as a check that it is functioning before moving on Create a role. I renamed mine as Master.Role. In the Cube tab of the Role Editor, set the access attribute to Read. Then move to the Dimension Data table. In that tab, choose Security from the Dimension combo box selector, and enter the MDX statement in the Allowed member set text box, as shown in Diagram 11. Check the box at the bottom of the interface, Enable Visual Tools. The MDX Statement STRTOMEMBER(“[Security].[User Account].&[“ + UserName + “]”) Concatenates the output of the UserName function with the appropriate dimensional context and return this string as the definition of a member of the security dimension. Dimensional security has less overhead than Cell Data security, resulting in better performance browsing. Copyright ©2013 Global Knowledge Training LLC. All rights reserved. 7
Diagram 11. Master.Role, the dimensional security Once the cube has been deployed and processed successfully, you can move to the cube browser, set the security context to the role that has been created, and note that access to the product dimension is limited by the relationship that is defined in the security tables in the data source view. Diagram 12. Set the browser security context Copyright ©2013 Global Knowledge Training LLC. All rights reserved. 8
Diagram 13. View the effect of security logged in as Bill (no Beverages are displayed) Diagram 14. View the effect of security logged in as William Only one role is necessary; the MDX supplies the user account context dynamically. To test this role, it requires that the user log out and log back in to test that the security model is working properly. Copyright ©2013 Global Knowledge Training LLC. All rights reserved. 9
Conclusion The role security model can be challenging to maintain in a large enterprise environment. It is not uncommon to have security in place on an OLTP system prior to rolling out a data warehouse. Using this technique, existing tables with user account information can be used directly to secure cube contents rather than converting to role based security in the cube. By using and implementing a many-to-many relationship in a cube, you can more easily secure your Analysis Services and access sensitive information contained within it. Learn More Learn more about how you can improve productivity, enhance efficiency, and sharpen your competitive edge through training. Implementing Data Models and Reports with Microsoft SQL Server 2012 (M10778) Designing Business Intelligence Solutions with Microsoft SQL Server 2012 (M20467) Visit www.globalknowledge.com or call 1-800-COURSES (1-800-268-7737) to speak with a Global Knowledge training advisor. About the Author Bill Kenworthy is a business intelligence developer who’s been using Microsoft SQL Server since version 4.2. Bill works in the fulfillment industry, providing solutions for data consolidation and consistency, reporting, and analysis. He has been teaching for Global Knowledge for over 10 years and developing database applications for more than 20 years. Copyright ©2013 Global Knowledge Training LLC. All rights reserved. 10

Recomendados

Learning MVC Part 3 Creating MVC Application with EntityFramework
Learning MVC Part 3 Creating MVC Application with EntityFrameworkLearning MVC Part 3 Creating MVC Application with EntityFramework
Learning MVC Part 3 Creating MVC Application with EntityFrameworkAkhil Mittal
 
Synopsis
SynopsisSynopsis
SynopsisGaurav Gopal Gupta
 
Repository Pattern in MVC3 Application with Entity Framework
Repository Pattern in MVC3 Application with Entity FrameworkRepository Pattern in MVC3 Application with Entity Framework
Repository Pattern in MVC3 Application with Entity FrameworkAkhil Mittal
 
How do i connect to that
How do i connect to thatHow do i connect to that
How do i connect to thatBecky Bertram
 
Business Intelligence Solutions
Business Intelligence SolutionsBusiness Intelligence Solutions
Business Intelligence SolutionsSumit Gadgilwar
 
IOD 2012 IDZ-2418A Nationwide's Experince Deploying Trusted Context and Roles
IOD 2012 IDZ-2418A Nationwide's Experince Deploying Trusted Context and RolesIOD 2012 IDZ-2418A Nationwide's Experince Deploying Trusted Context and Roles
IOD 2012 IDZ-2418A Nationwide's Experince Deploying Trusted Context and RolesRobert Tilkes
 
SunQuest SSAS Cube Document
SunQuest SSAS Cube DocumentSunQuest SSAS Cube Document
SunQuest SSAS Cube DocumentRaghu Reddy
 
Developing ssas cube
Developing ssas cubeDeveloping ssas cube
Developing ssas cubeSlava Kokaev
 

Recomendados

Learning MVC Part 3 Creating MVC Application with EntityFramework
Learning MVC Part 3 Creating MVC Application with EntityFrameworkLearning MVC Part 3 Creating MVC Application with EntityFramework
Learning MVC Part 3 Creating MVC Application with EntityFrameworkAkhil Mittal
 
Synopsis
SynopsisSynopsis
SynopsisGaurav Gopal Gupta
 
Repository Pattern in MVC3 Application with Entity Framework
Repository Pattern in MVC3 Application with Entity FrameworkRepository Pattern in MVC3 Application with Entity Framework
Repository Pattern in MVC3 Application with Entity FrameworkAkhil Mittal
 
How do i connect to that
How do i connect to thatHow do i connect to that
How do i connect to thatBecky Bertram
 
Business Intelligence Solutions
Business Intelligence SolutionsBusiness Intelligence Solutions
Business Intelligence SolutionsSumit Gadgilwar
 
IOD 2012 IDZ-2418A Nationwide's Experince Deploying Trusted Context and Roles
IOD 2012 IDZ-2418A Nationwide's Experince Deploying Trusted Context and RolesIOD 2012 IDZ-2418A Nationwide's Experince Deploying Trusted Context and Roles
IOD 2012 IDZ-2418A Nationwide's Experince Deploying Trusted Context and RolesRobert Tilkes
 
SunQuest SSAS Cube Document
SunQuest SSAS Cube DocumentSunQuest SSAS Cube Document
SunQuest SSAS Cube DocumentRaghu Reddy
 
Developing ssas cube
Developing ssas cubeDeveloping ssas cube
Developing ssas cubeSlava Kokaev
 
ASP.NET MVC3 RAD
ASP.NET MVC3 RADASP.NET MVC3 RAD
ASP.NET MVC3 RADMădălin Ștefîrcă
 
oracle
oracleoracle
oracletarunamoria
 
Building a SaaS Style Application
Building a SaaS Style ApplicationBuilding a SaaS Style Application
Building a SaaS Style ApplicationPremkumar Veerakumar
 
Resume-Updated
Resume-Updated Resume-Updated
Resume-Updated SAKIR HUSSAIN
 
ChircuVictor StefircaMadalin rad_aspmvc3_wcf_vs2010
ChircuVictor StefircaMadalin rad_aspmvc3_wcf_vs2010ChircuVictor StefircaMadalin rad_aspmvc3_wcf_vs2010
ChircuVictor StefircaMadalin rad_aspmvc3_wcf_vs2010vchircu
 
Data Driven Security in SSAS
Data Driven Security in SSASData Driven Security in SSAS
Data Driven Security in SSASMike Duffy
 
I017225966
I017225966I017225966
I017225966IOSR Journals
 
A Secure Framework for Cloud Computing With Multi-cloud Service Providers
A Secure Framework for Cloud Computing With Multi-cloud Service ProvidersA Secure Framework for Cloud Computing With Multi-cloud Service Providers
A Secure Framework for Cloud Computing With Multi-cloud Service Providersiosrjce
 
Security Threat Solution over Single Cloud To Multi-Cloud Using DepSky Model
Security Threat Solution over Single Cloud To Multi-Cloud Using DepSky ModelSecurity Threat Solution over Single Cloud To Multi-Cloud Using DepSky Model
Security Threat Solution over Single Cloud To Multi-Cloud Using DepSky ModelIOSR Journals
 
IRJET - Multitenancy using Cloud Computing Features
IRJET - Multitenancy using Cloud Computing FeaturesIRJET - Multitenancy using Cloud Computing Features
IRJET - Multitenancy using Cloud Computing FeaturesIRJET Journal
 
An Comparison with Property Based Resource Attestation to Secure Cloud Enviro...
An Comparison with Property Based Resource Attestation to Secure Cloud Enviro...An Comparison with Property Based Resource Attestation to Secure Cloud Enviro...
An Comparison with Property Based Resource Attestation to Secure Cloud Enviro...cscpconf
 
Public Integrity Auditing for Shared Dynamic Cloud Data with Group User Revoc...
Public Integrity Auditing for Shared Dynamic Cloud Data with Group User Revoc...Public Integrity Auditing for Shared Dynamic Cloud Data with Group User Revoc...
Public Integrity Auditing for Shared Dynamic Cloud Data with Group User Revoc...1crore projects
 
A Novel Secure Cloud SAAS Integration for User Authenticated Information
A Novel Secure Cloud SAAS Integration for User Authenticated InformationA Novel Secure Cloud SAAS Integration for User Authenticated Information
A Novel Secure Cloud SAAS Integration for User Authenticated Informationijtsrd
 
Research Article
Research ArticleResearch Article
Research Articlesparwaiz
 
IRJET- A Research Paper on Block Design-based Key Agreement for Group Dat...
IRJET- A Research Paper on Block Design-based Key Agreement for Group Dat...IRJET- A Research Paper on Block Design-based Key Agreement for Group Dat...
IRJET- A Research Paper on Block Design-based Key Agreement for Group Dat...IRJET Journal
 
AWS Cloud Essentials - An Overview
AWS Cloud Essentials - An OverviewAWS Cloud Essentials - An Overview
AWS Cloud Essentials - An OverviewEdureka!
 
IRJET- Enabling Identity-Based Integrity Auditing and Data Sharing with Sensi...
IRJET- Enabling Identity-Based Integrity Auditing and Data Sharing with Sensi...IRJET- Enabling Identity-Based Integrity Auditing and Data Sharing with Sensi...
IRJET- Enabling Identity-Based Integrity Auditing and Data Sharing with Sensi...IRJET Journal
 
The 3 Recommendations for Cloud Security
The 3 Recommendations for Cloud SecurityThe 3 Recommendations for Cloud Security
The 3 Recommendations for Cloud SecurityVAST
 
Cloud Storage and Security
Cloud Storage and SecurityCloud Storage and Security
Cloud Storage and SecurityShashank Srivastava
 
A Novel Computing Paradigm for Data Protection in Cloud Computing
A Novel Computing Paradigm for Data Protection in Cloud ComputingA Novel Computing Paradigm for Data Protection in Cloud Computing
A Novel Computing Paradigm for Data Protection in Cloud ComputingIJMER
 
Surviving Migration To Office 365 an it pros guide ebook
Surviving Migration To Office 365 an it pros guide ebookSurviving Migration To Office 365 an it pros guide ebook
Surviving Migration To Office 365 an it pros guide ebookKesavan Munuswamy
 
Windows_Server_2016_Virtualization White Paper By Veeam
Windows_Server_2016_Virtualization White Paper By VeeamWindows_Server_2016_Virtualization White Paper By Veeam
Windows_Server_2016_Virtualization White Paper By VeeamKesavan Munuswamy
 

Mais conteúdo relacionado

Semelhante a Extending Role Security in Analysis Services for SQL Server

ChircuVictor StefircaMadalin rad_aspmvc3_wcf_vs2010
ChircuVictor StefircaMadalin rad_aspmvc3_wcf_vs2010ChircuVictor StefircaMadalin rad_aspmvc3_wcf_vs2010
ChircuVictor StefircaMadalin rad_aspmvc3_wcf_vs2010vchircu
 
Data Driven Security in SSAS
Data Driven Security in SSASData Driven Security in SSAS
Data Driven Security in SSASMike Duffy
 
A Secure Framework for Cloud Computing With Multi-cloud Service Providers
A Secure Framework for Cloud Computing With Multi-cloud Service ProvidersA Secure Framework for Cloud Computing With Multi-cloud Service Providers
A Secure Framework for Cloud Computing With Multi-cloud Service Providersiosrjce
 
Security Threat Solution over Single Cloud To Multi-Cloud Using DepSky Model
Security Threat Solution over Single Cloud To Multi-Cloud Using DepSky ModelSecurity Threat Solution over Single Cloud To Multi-Cloud Using DepSky Model
Security Threat Solution over Single Cloud To Multi-Cloud Using DepSky ModelIOSR Journals
 
IRJET - Multitenancy using Cloud Computing Features
IRJET - Multitenancy using Cloud Computing FeaturesIRJET - Multitenancy using Cloud Computing Features
IRJET - Multitenancy using Cloud Computing FeaturesIRJET Journal
 
An Comparison with Property Based Resource Attestation to Secure Cloud Enviro...
An Comparison with Property Based Resource Attestation to Secure Cloud Enviro...An Comparison with Property Based Resource Attestation to Secure Cloud Enviro...
An Comparison with Property Based Resource Attestation to Secure Cloud Enviro...cscpconf
 
Public Integrity Auditing for Shared Dynamic Cloud Data with Group User Revoc...
Public Integrity Auditing for Shared Dynamic Cloud Data with Group User Revoc...Public Integrity Auditing for Shared Dynamic Cloud Data with Group User Revoc...
Public Integrity Auditing for Shared Dynamic Cloud Data with Group User Revoc...1crore projects
 
A Novel Secure Cloud SAAS Integration for User Authenticated Information
A Novel Secure Cloud SAAS Integration for User Authenticated InformationA Novel Secure Cloud SAAS Integration for User Authenticated Information
A Novel Secure Cloud SAAS Integration for User Authenticated Informationijtsrd
 
Research Article
Research ArticleResearch Article
Research Articlesparwaiz
 
IRJET- A Research Paper on Block Design-based Key Agreement for Group Dat...
IRJET- A Research Paper on Block Design-based Key Agreement for Group Dat...IRJET- A Research Paper on Block Design-based Key Agreement for Group Dat...
IRJET- A Research Paper on Block Design-based Key Agreement for Group Dat...IRJET Journal
 
AWS Cloud Essentials - An Overview
AWS Cloud Essentials - An OverviewAWS Cloud Essentials - An Overview
AWS Cloud Essentials - An OverviewEdureka!
 
IRJET- Enabling Identity-Based Integrity Auditing and Data Sharing with Sensi...
IRJET- Enabling Identity-Based Integrity Auditing and Data Sharing with Sensi...IRJET- Enabling Identity-Based Integrity Auditing and Data Sharing with Sensi...
IRJET- Enabling Identity-Based Integrity Auditing and Data Sharing with Sensi...IRJET Journal
 
The 3 Recommendations for Cloud Security
The 3 Recommendations for Cloud SecurityThe 3 Recommendations for Cloud Security
The 3 Recommendations for Cloud SecurityVAST
 
A Novel Computing Paradigm for Data Protection in Cloud Computing
A Novel Computing Paradigm for Data Protection in Cloud ComputingA Novel Computing Paradigm for Data Protection in Cloud Computing
A Novel Computing Paradigm for Data Protection in Cloud ComputingIJMER
 

Semelhante a Extending Role Security in Analysis Services for SQL Server (20)

ASP.NET MVC3 RAD
ASP.NET MVC3 RADASP.NET MVC3 RAD
ASP.NET MVC3 RAD
 
oracle
oracleoracle
oracle
 
Building a SaaS Style Application
Building a SaaS Style ApplicationBuilding a SaaS Style Application
Building a SaaS Style Application
 
Resume-Updated
Resume-Updated Resume-Updated
Resume-Updated
 
ChircuVictor StefircaMadalin rad_aspmvc3_wcf_vs2010
ChircuVictor StefircaMadalin rad_aspmvc3_wcf_vs2010ChircuVictor StefircaMadalin rad_aspmvc3_wcf_vs2010
ChircuVictor StefircaMadalin rad_aspmvc3_wcf_vs2010
 
Data Driven Security in SSAS
Data Driven Security in SSASData Driven Security in SSAS
Data Driven Security in SSAS
 
I017225966
I017225966I017225966
I017225966
 
A Secure Framework for Cloud Computing With Multi-cloud Service Providers
A Secure Framework for Cloud Computing With Multi-cloud Service ProvidersA Secure Framework for Cloud Computing With Multi-cloud Service Providers
A Secure Framework for Cloud Computing With Multi-cloud Service Providers
 
Security Threat Solution over Single Cloud To Multi-Cloud Using DepSky Model
Security Threat Solution over Single Cloud To Multi-Cloud Using DepSky ModelSecurity Threat Solution over Single Cloud To Multi-Cloud Using DepSky Model
Security Threat Solution over Single Cloud To Multi-Cloud Using DepSky Model
 
IRJET - Multitenancy using Cloud Computing Features
IRJET - Multitenancy using Cloud Computing FeaturesIRJET - Multitenancy using Cloud Computing Features
IRJET - Multitenancy using Cloud Computing Features
 
An Comparison with Property Based Resource Attestation to Secure Cloud Enviro...
An Comparison with Property Based Resource Attestation to Secure Cloud Enviro...An Comparison with Property Based Resource Attestation to Secure Cloud Enviro...
An Comparison with Property Based Resource Attestation to Secure Cloud Enviro...
 
Public Integrity Auditing for Shared Dynamic Cloud Data with Group User Revoc...
Public Integrity Auditing for Shared Dynamic Cloud Data with Group User Revoc...Public Integrity Auditing for Shared Dynamic Cloud Data with Group User Revoc...
Public Integrity Auditing for Shared Dynamic Cloud Data with Group User Revoc...
 
A Novel Secure Cloud SAAS Integration for User Authenticated Information
A Novel Secure Cloud SAAS Integration for User Authenticated InformationA Novel Secure Cloud SAAS Integration for User Authenticated Information
A Novel Secure Cloud SAAS Integration for User Authenticated Information
 
Research Article
Research ArticleResearch Article
Research Article
 
IRJET- A Research Paper on Block Design-based Key Agreement for Group Dat...
IRJET- A Research Paper on Block Design-based Key Agreement for Group Dat...IRJET- A Research Paper on Block Design-based Key Agreement for Group Dat...
IRJET- A Research Paper on Block Design-based Key Agreement for Group Dat...
 
AWS Cloud Essentials - An Overview
AWS Cloud Essentials - An OverviewAWS Cloud Essentials - An Overview
AWS Cloud Essentials - An Overview
 
IRJET- Enabling Identity-Based Integrity Auditing and Data Sharing with Sensi...
IRJET- Enabling Identity-Based Integrity Auditing and Data Sharing with Sensi...IRJET- Enabling Identity-Based Integrity Auditing and Data Sharing with Sensi...
IRJET- Enabling Identity-Based Integrity Auditing and Data Sharing with Sensi...
 
The 3 Recommendations for Cloud Security
The 3 Recommendations for Cloud SecurityThe 3 Recommendations for Cloud Security
The 3 Recommendations for Cloud Security
 
Cloud Storage and Security
Cloud Storage and SecurityCloud Storage and Security
Cloud Storage and Security
 
A Novel Computing Paradigm for Data Protection in Cloud Computing
A Novel Computing Paradigm for Data Protection in Cloud ComputingA Novel Computing Paradigm for Data Protection in Cloud Computing
A Novel Computing Paradigm for Data Protection in Cloud Computing
 

Mais de Kesavan Munuswamy

Surviving Migration To Office 365 an it pros guide ebook
Surviving Migration To Office 365 an it pros guide ebookSurviving Migration To Office 365 an it pros guide ebook
Surviving Migration To Office 365 an it pros guide ebookKesavan Munuswamy
 
Windows_Server_2016_Virtualization White Paper By Veeam
Windows_Server_2016_Virtualization White Paper By VeeamWindows_Server_2016_Virtualization White Paper By Veeam
Windows_Server_2016_Virtualization White Paper By VeeamKesavan Munuswamy
 
MSFT Cloud Architecture Information Protection
MSFT Cloud Architecture Information ProtectionMSFT Cloud Architecture Information Protection
MSFT Cloud Architecture Information ProtectionKesavan Munuswamy
 
Ms cloud identity and access infographic 2015
Ms cloud identity and access infographic 2015Ms cloud identity and access infographic 2015
Ms cloud identity and access infographic 2015Kesavan Munuswamy
 
Ms cloud design patterns infographic 2015
Ms cloud design patterns infographic 2015Ms cloud design patterns infographic 2015
Ms cloud design patterns infographic 2015Kesavan Munuswamy
 
Microsoft azure infographic 2015 2.5
Microsoft azure infographic 2015 2.5Microsoft azure infographic 2015 2.5
Microsoft azure infographic 2015 2.5Kesavan Munuswamy
 
Cloud Design Patterns Book from Microsoft
Cloud Design Patterns Book from MicrosoftCloud Design Patterns Book from Microsoft
Cloud Design Patterns Book from MicrosoftKesavan Munuswamy
 
Azure security infographic 2014 sec
Azure security infographic 2014 secAzure security infographic 2014 sec
Azure security infographic 2014 secKesavan Munuswamy
 
Windows Server 2012 Exam Paper 70-411 PDF
Windows Server 2012 Exam Paper 70-411 PDFWindows Server 2012 Exam Paper 70-411 PDF
Windows Server 2012 Exam Paper 70-411 PDFKesavan Munuswamy
 
MCSA Server 2012 Exam Paper 1- Ms 70 410
MCSA Server 2012 Exam Paper 1- Ms 70 410MCSA Server 2012 Exam Paper 1- Ms 70 410
MCSA Server 2012 Exam Paper 1- Ms 70 410Kesavan Munuswamy
 
Inside the sql server query optimizer
Inside the sql server query optimizer Inside the sql server query optimizer
Inside the sql server query optimizer Kesavan Munuswamy
 
Step by Step Windows Azure pack for windows server 2012 R2 Guide v1
Step by Step Windows Azure pack for windows server 2012 R2 Guide v1Step by Step Windows Azure pack for windows server 2012 R2 Guide v1
Step by Step Windows Azure pack for windows server 2012 R2 Guide v1Kesavan Munuswamy
 
SQL Server Source Control Basics
SQL Server Source Control BasicsSQL Server Source Control Basics
SQL Server Source Control BasicsKesavan Munuswamy
 
Tips for Database Performance
Tips for Database PerformanceTips for Database Performance
Tips for Database PerformanceKesavan Munuswamy
 
Fundamentals of sql server 2012 replication e book
Fundamentals of sql server 2012 replication e bookFundamentals of sql server 2012 replication e book
Fundamentals of sql server 2012 replication e bookKesavan Munuswamy
 
SQL Server Backup and Restore
SQL Server Backup and RestoreSQL Server Backup and Restore
SQL Server Backup and RestoreKesavan Munuswamy
 
SQL High Availability solutions E Book
SQL High Availability solutions E BookSQL High Availability solutions E Book
SQL High Availability solutions E BookKesavan Munuswamy
 

Mais de Kesavan Munuswamy (18)

Surviving Migration To Office 365 an it pros guide ebook
Surviving Migration To Office 365 an it pros guide ebookSurviving Migration To Office 365 an it pros guide ebook
Surviving Migration To Office 365 an it pros guide ebook
 
Windows_Server_2016_Virtualization White Paper By Veeam
Windows_Server_2016_Virtualization White Paper By VeeamWindows_Server_2016_Virtualization White Paper By Veeam
Windows_Server_2016_Virtualization White Paper By Veeam
 
MSFT Cloud Architecture Information Protection
MSFT Cloud Architecture Information ProtectionMSFT Cloud Architecture Information Protection
MSFT Cloud Architecture Information Protection
 
Ms cloud identity and access infographic 2015
Ms cloud identity and access infographic 2015Ms cloud identity and access infographic 2015
Ms cloud identity and access infographic 2015
 
Ms cloud design patterns infographic 2015
Ms cloud design patterns infographic 2015Ms cloud design patterns infographic 2015
Ms cloud design patterns infographic 2015
 
Microsoft azure infographic 2015 2.5
Microsoft azure infographic 2015 2.5Microsoft azure infographic 2015 2.5
Microsoft azure infographic 2015 2.5
 
Cloud Design Patterns Book from Microsoft
Cloud Design Patterns Book from MicrosoftCloud Design Patterns Book from Microsoft
Cloud Design Patterns Book from Microsoft
 
Azure security infographic 2014 sec
Azure security infographic 2014 secAzure security infographic 2014 sec
Azure security infographic 2014 sec
 
MCSA Exam paper 70-412 PDF
MCSA Exam paper 70-412 PDFMCSA Exam paper 70-412 PDF
MCSA Exam paper 70-412 PDF
 
Windows Server 2012 Exam Paper 70-411 PDF
Windows Server 2012 Exam Paper 70-411 PDFWindows Server 2012 Exam Paper 70-411 PDF
Windows Server 2012 Exam Paper 70-411 PDF
 
MCSA Server 2012 Exam Paper 1- Ms 70 410
MCSA Server 2012 Exam Paper 1- Ms 70 410MCSA Server 2012 Exam Paper 1- Ms 70 410
MCSA Server 2012 Exam Paper 1- Ms 70 410
 
Inside the sql server query optimizer
Inside the sql server query optimizer Inside the sql server query optimizer
Inside the sql server query optimizer
 
Step by Step Windows Azure pack for windows server 2012 R2 Guide v1
Step by Step Windows Azure pack for windows server 2012 R2 Guide v1Step by Step Windows Azure pack for windows server 2012 R2 Guide v1
Step by Step Windows Azure pack for windows server 2012 R2 Guide v1
 
SQL Server Source Control Basics
SQL Server Source Control BasicsSQL Server Source Control Basics
SQL Server Source Control Basics
 
Tips for Database Performance
Tips for Database PerformanceTips for Database Performance
Tips for Database Performance
 
Fundamentals of sql server 2012 replication e book
Fundamentals of sql server 2012 replication e bookFundamentals of sql server 2012 replication e book
Fundamentals of sql server 2012 replication e book
 
SQL Server Backup and Restore
SQL Server Backup and RestoreSQL Server Backup and Restore
SQL Server Backup and Restore
 
SQL High Availability solutions E Book
SQL High Availability solutions E BookSQL High Availability solutions E Book
SQL High Availability solutions E Book
 

Último

Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)eniolaolutunde
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdfssuser54595a
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Sapana Sha
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactdawncurless
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsanshu789521
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentInMediaRes1
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
MENTAL STATUS EXAMINATION format.docx
MENTAL STATUS EXAMINATION format.docxMENTAL STATUS EXAMINATION format.docx
MENTAL STATUS EXAMINATION format.docxPoojaSen20
 
mini mental status format.docx
mini mental status format.docxmini mental status format.docx
mini mental status format.docxPoojaSen20
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAssociation for Project Management
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxOH TEIK BIN
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxNirmalaLoungPoorunde1
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfsanyamsingh5019
 
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxContemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxRoyAbrique
 
URLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppURLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppCeline George
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Educationpboyjonauth
 

Último (20)

Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha elections
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media Component
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
MENTAL STATUS EXAMINATION format.docx
MENTAL STATUS EXAMINATION format.docxMENTAL STATUS EXAMINATION format.docx
MENTAL STATUS EXAMINATION format.docx
 
mini mental status format.docx
mini mental status format.docxmini mental status format.docx
mini mental status format.docx
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across Sectors
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptx
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptx
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
 
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxContemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
 
URLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppURLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website App
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Education
 

Extending Role Security in Analysis Services for SQL Server

  • 1. Expert Reference Series of White Papers Extending Role Security in Analysis Services for SQL Server 1-800-COURSES www.globalknowledge.com
  • 2. Extending Role Security in Analysis Services for SQL Server Bill Kenworthy, Global Knowledge Instructor Abstract The goal of this paper is to describe a method that allows users to browse an Analysis Services cube, limiting the user’s access by the user account used to connect to the cube. The method makes use of a many-to-many relationship established in the underlying online transaction processing (OLTP) database. Instead of maintaining many roles and assigning users to roles, the technique described uses a table in the data warehouse to link users or groups to the parts of a dimension to which they are allowed access. In a large organization, this simplifies security maintenance greatly. Introduction Given an OLTP schema, implement a data warehouse schema with tables that connect a user account using a many-to-many relationship from the user account to a dimension in the table. A cube is then created from the data warehouse which contains the many-to-many relationship. A role is created to implement dimensional security to limit what members of the dimension the user is able to view. The Steps Diagram 1. Data warehouse schema Diagram 1 shows the data warehouse schema and the relationship between the Security table and the Product dimension. This database was created by extracting appropriate data from the Northwind database, which is one of the sample databases supplied with SQL Server in the past. Northwind is a small, simple database that is useful for testing and prototyping. The Northwind database is still available from CodePlex as a downloadable script. After creating a simple data warehouse with a single-fact table and three dimensions (time, customer, and product)—two tables were added to implement the security model. Windows user accounts are listed in the Security table and linked to the Product dimension through the ProductSecurity table. Copyright ©2013 Global Knowledge Training LLC. All rights reserved. 2
  • 3. Diagram 2. Contents of the two security tables, Security and Product Security The contents of my security table have two user accounts, Bill and William. The ProductSecurity table will link the user accounts to the dimension surrogate key, DimProductKey, in ProductDim. Bill is mapped to all products except to Beverages, whereas William is mapped to just Beverages. The simplicity employed here will make it easier to verify the results when I apply the role in the Cube browser. Diagram 3. The data source view for the cube The data source view brings in all the tables from my simple data warehouse. Because of the many-to-many relationship between the ProductDim and Security tables, I will build the first part of the project using the Cube wizard and the three-dimensional tables (CustomerDim, ProductDim, and TimeDim). Copyright ©2013 Global Knowledge Training LLC. All rights reserved. 3
  • 4. Diagram 4. The Basic cube with four tables The Basic cube will need a measure group that links the ProductDim and Security tables. The relationship between ProductDim and Security is a many-to-many relationship in the underlying data source view, so a measure group is created that is mapped to the ProductSecurity linking table. Diagram 5. Creating the second measure group Copyright ©2013 Global Knowledge Training LLC. All rights reserved. 4
  • 5. Next, we will add the security dimension. Diagram 6. Add the security dimension We now have a cube structure with a measure group mapped to the SalesFact table, a measure group mapped to the ProductSecurity table, and four dimensions (Customer Dim, Product Dim, Time Dim, and Security). Diagram 7. Cube with two measure groups Copyright ©2013 Global Knowledge Training LLC. All rights reserved. 5
  • 6. Once the Product Security measure group and Security dimension are part of the cube structure, we must define the dimension usage in the Dimension Usage editor, which is the second tab from the left in the cube editor. Diagram 8. Add a relationship between the Security table and the Sales Fact measure Both measure groups are in place. A relationship must be added to connect the measure groups in a many-tomany relationship, which ties the user ID in the security table to the product key in Product Dim. The Product Security measure group serves as the linking element in the many-to-many relationship. Click on the ellipsis button to bring up the relationship editor. Diagram 9. Defining a many-to-many relationship Copyright ©2013 Global Knowledge Training LLC. All rights reserved. 6
  • 7. The interface is simple. Choose “Many-to-Many” as the relationship type and choose “Product Security” as the intermediate measure group. This will then link the user ID in the security table to the Sales Fact table through the Product Security measure group. The Product Security measure group is in place simply to allow this relationship to be defined. The cube should process and deploy at this time. You can browse the cube in the cube editor browser. You should implement some dimensional hierarchies; this step is left up to the reader. Diagram 10. Browsing the cube as a check that it is functioning before moving on Create a role. I renamed mine as Master.Role. In the Cube tab of the Role Editor, set the access attribute to Read. Then move to the Dimension Data table. In that tab, choose Security from the Dimension combo box selector, and enter the MDX statement in the Allowed member set text box, as shown in Diagram 11. Check the box at the bottom of the interface, Enable Visual Tools. The MDX Statement STRTOMEMBER(“[Security].[User Account].&[“ + UserName + “]”) Concatenates the output of the UserName function with the appropriate dimensional context and return this string as the definition of a member of the security dimension. Dimensional security has less overhead than Cell Data security, resulting in better performance browsing. Copyright ©2013 Global Knowledge Training LLC. All rights reserved. 7
  • 8. Diagram 11. Master.Role, the dimensional security Once the cube has been deployed and processed successfully, you can move to the cube browser, set the security context to the role that has been created, and note that access to the product dimension is limited by the relationship that is defined in the security tables in the data source view. Diagram 12. Set the browser security context Copyright ©2013 Global Knowledge Training LLC. All rights reserved. 8
  • 9. Diagram 13. View the effect of security logged in as Bill (no Beverages are displayed) Diagram 14. View the effect of security logged in as William Only one role is necessary; the MDX supplies the user account context dynamically. To test this role, it requires that the user log out and log back in to test that the security model is working properly. Copyright ©2013 Global Knowledge Training LLC. All rights reserved. 9
  • 10. Conclusion The role security model can be challenging to maintain in a large enterprise environment. It is not uncommon to have security in place on an OLTP system prior to rolling out a data warehouse. Using this technique, existing tables with user account information can be used directly to secure cube contents rather than converting to role based security in the cube. By using and implementing a many-to-many relationship in a cube, you can more easily secure your Analysis Services and access sensitive information contained within it. Learn More Learn more about how you can improve productivity, enhance efficiency, and sharpen your competitive edge through training. Implementing Data Models and Reports with Microsoft SQL Server 2012 (M10778) Designing Business Intelligence Solutions with Microsoft SQL Server 2012 (M20467) Visit www.globalknowledge.com or call 1-800-COURSES (1-800-268-7737) to speak with a Global Knowledge training advisor. About the Author Bill Kenworthy is a business intelligence developer who’s been using Microsoft SQL Server since version 4.2. Bill works in the fulfillment industry, providing solutions for data consolidation and consistency, reporting, and analysis. He has been teaching for Global Knowledge for over 10 years and developing database applications for more than 20 years. Copyright ©2013 Global Knowledge Training LLC. All rights reserved. 10