Granting Read Metadata Permissions
A member of the server role for an instance of Microsoft SQL Server 2005 Analysis Services (SSAS), or a member of a database role with Full Control (Administrator) permissions in a database, can create a database role that has permission to read the metadata of specified objects. Giving a database role permission to read metadata on selected objects lets an administrator grant users permission to view object definitions, without also granting those users permission to modify the object's definition, modify the object's structure, or view the actual data for the object.
When you give a database role permission to read metadata, be aware that permissions are additive. For example, one database role may give a user permission to read the metadata for a particular cube, while a different database role may give the same user permission to read the metadata for a dimension within that cube. The permissions from the two different roles combine to give the user permission to both read metadata for the cube and the metadata for the dimension within that cube.
Important
To view an object's definition in either SQL Server Management Studio or Business Intelligence Development Studio, the user must have a database role that gives permission to read the database metadata. A user who has permission to read metadata can also use the DISCOVER_XML_METADATA schema rowset to query the object and view its metadata. For more information, see DISCOVER_XML_METADATA Rowset.
Read metadata permissions can be granted at the database, data source, cube, dimension, mining structure, and mining model levels.
Granting Read Metadata Permissions on an Analysis Services Database
Giving a database role permission to read the metadata of an Analysis Services database means that the role has permission to read the definition of the database. However, permission to read database metadata does not give the role permission to read the metadata of any of the other objects in the database.
Note
Permission to read a database's metadata is the minimum permission required to connect to an Analysis Services database using either Management Studio or BI Development Studio.
To give a database role permission to read the metadata of an Analysis Services database
In SQL Server Management Studio, connect to the instance of Analysis Services, , expand Roles for the appropriate database in Object Explorer, and then click a database role (or create a new database role).
On the General tab, select the Read Definition option.
Granting Read Metadata Permissions on an Analysis Services Data Source
Giving a database role permission to read the metadata of a data source means that the role has permission to read the definition of a data source. Granting a database role permission to read the definition of the data source means that role members can view the connection string to the data source, which includes the server name and may also include the login name. For security reasons, access to this information should typically be restricted. However, the existence of this permission enables administrators to grant this permission without also granting permission to modify the connection string or view the definitions of any other objects.
To give a database role permission to read the metadata of a data source
In SQL Server Management Studio, connect to the instance of Analysis Services, , expand Roles for the appropriate database in Object Explorer, and then click a database role (or create a new database role).
Click Data Sources in the Select a Page pane, locate the data source in the Data Source Name list, and then select the Read Definition check box for that data source.
Granting Read Metadata Permissions on a Dimension
Giving a database role permission to read the metadata of a dimension means that the role has permission to read the definition of a dimension. Experienced analysts and developers may need to view the definition of dimensions in the cube in the course of their work. However, for security reasons, the definition of dimensions should not be visible to most business users. The existence of this permission enables administrators to grant certain users the permission to view the definitions of one or more dimensions without also granting them the permission to modify these dimensions or view the definitions of other objects (such as other dimensions, cube objects, or mining structures and models).
To give a database role permission to read the metadata of a dimension
In SQL Server Management Studio, connect to the instance of Analysis Services, , expand Roles for the appropriate database in Object Explorer, and then click a database role (or create a new database role).
Click Dimensions in the Select a Page pane, locate the dimension in the Dimension Name list, and then select the Read Definition check box for that dimension.
Granting Read Metadata Permissions on a Mining Structure or Mining Model
Giving a database role permission to read the metadata of either a mining structure or a mining model means that the role has permission to read the definition of the mining structure or mining model, respectively. Experienced analysts and developers may need to view the definition of objects in the mining structures and mining models in the course of their work. However, for security reasons, the definition of these objects should not be visible to most business users. The existence of this permission enables administrators to grant certain users the permission to view the definitions of particular mining structures and mining models without also granting them the permission to modify these objects or to view all other objects in the Analysis Services database.
To give a database role permission to read the metadata of a mining structure
In SQL Server Management Studio, connect to the instance of Analysis Services, , expand Roles for the appropriate database in Object Explorer, and then click a database role (or create a new database role).
Click Mining Structures in the Select a Page pane, locate the mining structure in the Mining Structures list, and then select the Read Definition check box for that mining structure.
See Also
Tasks
Granting Full Control Permissions
Granting Process Permissions
Concepts
Granting User Access
Roles (Analysis Services)