Granting Process Database Permissions
After you install an instance of Microsoft SQL Server 2005 Analysis Services (SSAS), all members of the Administrators local group are members of the Analysis Services Server role in that instance and have server-wide permissions to perform any task within the instance of Analysis Services. By default, no other users have any permission to administer or view any objects in the instance of Analysis Services.
A member of the Analysis Services Server role can grant users administrative access on a server-wide basis by making them members of the Server role, which grants them unrestricted access to all Analysis Services objects and data in that instance. A member of the Analysis Services Server role can grant users access on a more limited basis by granting them limited or complete administrative or access permissions at the database level. Limited administrative permissions include process or read definition permissions at the database, cube, or dimension level.
In the tasks in this topic, you will define a Process Database Objects security role that grants members of the role permission to process all database objects, but no permission to view data within the database.
Defining a Process Database Objects Security Role
To define a Process Database Objects security role
In Solution Explorer, right-click Roles and then click New Role.
Role Designer appears, as shown in the following image.
Click the Process database check box.
In the Properties window, change the Name property for this new role to Process Database Objects Role.
Switch to the Membership tab of Role Designer.
Notice that there are no users or groups in this role. You are just creating a role in this procedure. After deployment, an administrator can add users or groups to the role.
Switch to the Cubes tab of Role Designer.
Notice that members of this role have permissions to process this database, but have no permission to access the data in the Analysis Services Tutorial cube and have no local cube/drillthrough access, as shown in the following image.
Switch to the Dimensions tab of Role Designer.
Notice that members of this role have permissions to process all dimension objects in this database, and, by default, have read permissions to access each dimension object in the Analysis Services Tutorial database, as shown in the following image.
On the Build menu, click Deploy Analysis Services Tutorial.
You have now successfully defined and deployed the Process Database Objects security role. After a cube is deployed to the production environment, the administrators of the deployed cube can add users to this role as required to delegate processing responsibilities to specific users.
Note
A completed project for Lesson 10 is available by downloading and installing the updated samples. For more information, see Obtaining Updated Samples in Installing Samples.
See Also
Other Resources
Securing Analysis Services
Configuring Access to Analysis Services
Granting Administrative Access
Granting Administrative Permissions Within a Database