Security in PivotTable Service
PivotTable® Service supports security in two ways: by providing security at various levels of the server object model, and by supporting authentication of users.
Server Object Model Security
Different levels of the server object model handle security in different ways:
Database, cube, and mining model security
Database administrators (DBAs) can use roles to grant read and write permissions for the members of a database or an individual cube. Roles that grant read permission can also be created for mining models. These roles are available in the database schema rowset. For more information, see Roles.
Member security
Individual members of a cube or mining model can be secured independently from a level, dimension, and so on. Members that are secured in this manner are invisible to client applications that do not have permission to access them. No errors are raised and placeholders are not retuned.
Cell Security
Queries that involve these secured members will return an error. Updates to a secured member will also return an error. The value of this error depends on the value of the Secured Cell Value property. For more information, see Cell Security.
Drillthrough security
Read permission for the Multidimensional Expressions (MDX) Drillthrough command can be granted for the entire cube using the cube's role. Drillthrough requests against secured data return an error.
User Authentication
Authentication is the process by which a user is positively identified to determine the permissions the user has been granted. Microsoft® SQL Server™ 2000 Analysis Services supports three authentication providers:
- NTLM protocol (Windows authentication)
- Kerberos
- Negotiate
- Anonymous user
After authentication for a user has been obtained, a user can connect to a database using any role of which he or she is a member by using the Roles property in the connection string for the session, as long as that role has been granted access to the database.