locked
Proclarity Security Issues RRS feed

  • Question

  • Hi all,

      I have my cube on one machine and my PAS and desktop professional on another machine. I have defined the roles in the cube.When i connect to the cube from different machine, the role is not picked up. Say my login has access to only one particular category, When i browse from desktop professional it shows me all the categories. Please let me know if there is any work around. Also in PPS we have a role tab while connecting to the data source where we define like Roles="TestRole".Is there a way in Proclarity???

    Thanks and Regards,

    Ram
    Tuesday, September 23, 2008 10:02 AM

Answers

All replies

  •  

    Hello, thanks for posting your inquiry.  PAS does have roles in the Analytics Admin Util  however they're a bit different than the PPS ones.  PAS roles control access to books, libraries, views, as well as publishing permissions (drill up, down, etc..).  From what your message states you can connect to your cube with ProClarity Desktop Professional but you are able to see all 'categories' when you have SSAS permissions in place that should limit the categories you are able to see.. is that right?  I'm guessing you're using dimension security to allow access to certain dimentions and certain parts of dimensions, is this also correct?  If you have permissions set and they're not working correctly then I'd recommend checking to see if you're a member of the Server role in SSAS as that would give you universal access to Everything on the server.

     

    hth,

    Sean

    Wednesday, September 24, 2008 2:43 PM
  • Hi. As Sean says, I would also recommend you checking if you have universal access to everything on the server. In addition, I would have a look at this: open Analytics Server Administration Tool, right click on server name, Properties -> Logging and Security => "Cubes use OLAP security" should be checked.

     

    Regards

    Thursday, September 25, 2008 8:25 AM

  • Hi Daniel and Sean,

      Thanks a lot for your replies. I have gone through the Analytics server and "Cubes use OLAP Security" is already checked. I also checked the Analysis server and i have not added anyone in the server roles as sugessted by Sean. I have added 'everyone' in the membership of SSAS roles. When others are able to login the role is working fine. They are able to see only those data to which they have permission. Its only in my case where i am able to see all the data. I am the administrator not to mention this. But we have designed the security such that even the administrator should see only those data to which he has access.
    Thursday, September 25, 2008 9:29 AM
  • Another thing to check would be the 'BuiltinAdminsAreServerAdmins' server property.

     

    http://www.microsoft.com/technet/prodtechnol/sql/2005/ssasproperties.mspx

    Thursday, September 25, 2008 1:10 PM
  • Thanks a lot Sean.
    Thursday, September 25, 2008 2:04 PM
  • Hi Sean,

      What kind of authentication should i go for if my PAS and sharpoint are in one machine and SSAS on a different machine. Is it Kerberos or normal Windows integrated ??

    Thursday, September 25, 2008 2:13 PM
  • I'm just jumping in on your last question - when PAS and SSAS are one different boxes, you have a double-hop problem.  Most people employ either Basic authenticaiton on PAS or Windows Integrated with Kerberos Delegation.  Please see this article.

     

    http://blogs.technet.com/proclarity/archive/2008/04/08/cube-cannot-be-found.aspx

     

    Thanks,

     

    -Joey

     

    Thursday, October 16, 2008 11:46 PM