Analysis Services
How to create a database role
To create a database role
- In the Analysis Manager tree pane, right-click the database for which you want to create a database role, and then click Manage Roles.
- In Database Role Manager, do one of the following:
- To use an existing role as the basis for the new role, select the existing role, and then click Duplicate. In the Duplicate Role dialog box, specify a name for the new role, and then click OK. Select the new role, and then click Edit.
- To define the new role without values from another role, click New. In the Database Role dialog box, type a value in the Role name box. You can enter a maximum of 50 characters; the name must begin with an alphabetical character.
- To use an existing role as the basis for the new role, select the existing role, and then click Duplicate. In the Duplicate Role dialog box, specify a name for the new role, and then click OK. Select the new role, and then click Edit.
- (Optional.) In the Database Role dialog box, type a value in the Description box.
- In the Enforce on box, select one of the following:
- Server. Server enforcement is more secure due to filtering of data on the server, but this may slow performance. Queries are resolved entirely on the Analysis server or at the data source.
- Client. Client enforcement generally provides better performance but may allow users to gain unauthorized access to data on the client workstation. Queries might be resolved partially or completely at the client workstation.
- Server. Server enforcement is more secure due to filtering of data on the server, but this may slow performance. Queries are resolved entirely on the Analysis server or at the data source.
- In the Membership tab, specify the users and groups in the role. To begin adding users and groups, click Add, and then in the Add Users and Groups dialog box:
- In the List Names From list, click the domain from which to select users and groups.
- To display users under Names, click Show Users.
- To display a group's members, click the group, and then click Members.
- To add a user or group to the role, click the user or group, and then click Add.
- After you finish adding the users and groups to the role, click OK.
To remove a user or group from the role, in the Membership tab, select the user or group, and then click Remove.
- In the List Names From list, click the domain from which to select users and groups.
- (Optional.) In the Cubes tab, select the cubes that the database role can access. For each cube you select, a cube role is created.
- (Optional.) In the Mining Models tab, select the data mining models that the database role can access. For each mining model you select, a mining model role is created.
- (Optional.) In the Dimensions tab, for each displayed permission, select a rule. (A read/write permission appears only for a write-enabled dimension.) The following table describes the rules that are available for each permission.
Permission Rule Rule description Read Unrestricted The role can view all members. This rule is the default. Fully Restricted The role can view only a single member. If the dimension does not have an (All) level, then the visible member is the first member in the topmost level. Custom Only the levels and members you specify in the Custom Dimension Security dialog box can be viewed. To access this dialog box, select Custom, and then in the Custom Settings column, click the edit (...) button. For more information, see Defining Custom Rules for Dimension Security. Read/write Unrestricted The role can update all members. This rule is available only if the rule for the read permission is Unrestricted. Fully Restricted The role cannot update members. This rule is the default and is available only if the rule for the read permission is Unrestricted or Fully Restricted. Custom Only the levels and members you specify in the Custom Dimension Security dialog box can be updated. To access this dialog box, select Custom, and then in the Custom Settings column click the edit (...) button. This rule is available only if the rule for the read permission is Unrestricted or Custom. For more information, see Defining Custom Rules for Dimension Security.
For more information about these permissions and rules, see Dimension Security.
- In the Database Role dialog box, click OK.
The read/write permission in the Dimensions tab is effective only as long as the dimension remains write-enabled. For more information, see Write-Enabled Dimensions.