![]() However, since the first public announcements about BISM so far, new details have been revealed about the architecture of this technology, allowing us to be more precise in the descriptions of it.īISM. In this article we’ll focus on development of analytical tabular models, an integral part of Business Intelligence Semantic Model (BISM), the new paradigm for developing Business Intelligence (BI) solutions based on SQL Server 2012 Analysis Services.Īs was already mentioned in the introductory article about PowerPivot, the incorporation of BISM into Analysis Services makes SQL Server one of the most powerful solutions within the current BI arena. If a table is indirectly secured by different Roles which put security on different tables those restrictions are combined using OR.The recent SQL Server 2012 release (formerly codenamed Denali) is accompanied, as usual in any new version, for several interesting improvements. This is exactly what we and our customers would expect to see – all sales for “Germany” and also every sale related to “Bikes”! In tabular models security applied to a given table cascades down to all related tables – in this case to our fact table. Here is the same query on a tabular model with the same security settings: Even though this is true in terms of the structure (rows, columns) of the query we still get a different result in terms of values! A user belonging to both roles is also allowed to see all countries and all product categories – this is because security settings are additive, same as for multidimensional. įor tabular this behavior is somehow similar. Usually Active Directory Groups are used and assigned to SSAS roles, so this can happen quite easily without anyone even noticing (except the user who is happy to see more )!Ĭhris Webb wrote an excellent blog post on how to deal with those kinds of security requirements in multidimensional models here. If you have every faced this problem in real life you know that this is probably not the intended behavior your customers want to see. As Roles are additive the user is allowed to see all countries and also all product categories, hence the whole cube:īasically you would expect to see “Bikes”-sales for all countries and “Germany”-sales for all product categories but you end up seeing much more than this. Role “Bikes” does not have any restriction on so all countries are visible, Role “DE” has no restriction on so all product categories are visible. For multidimensional this is a real problem as it finally result in the user seeing the whole cube! This is “by design” and can be explained as follows: A user may belong to Roles “Bikes” and “DE”. However, if roles secure different dimensions/tables it gets a bit more tricky. This applies to tabular and also multidimensional. This is OK and returns the expected results as both roles secure the same dimension/table. “Brakes” – is restricted to = “Brakes”Ī user belonging to Roles “Bikes” and “Brakes” will see all products that belong to “Bikes” and all products that belong to “Brakes”. This means that you will not see less if you are assigned multiple roles but only more. But it can become very tricky if a user belongs to more than one role.įor both, tabular and multidimensional security settings of multiple roles are additive. This is very trivial if a user only belongs to one Role – the user is allowed to see what is specified in the Role. Those Roles are then assigned to users and groups. ![]() Both use Roles to handle specific security settings. In terms of security tabular and multidimensional models of SQL Server Analysis Services are very similar. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |