locked
Dimension Data Permission Problem RRS feed

  • Question

  • Hi All, Here is my Region dimension:

    Africa,
    Asia,
    North America,
    South America

    I have
    Admin Role and Clerk Role


    For Admin Role, it can view all dimension data; for clerk role, it can view *Africa* ONLY

    Admin Role contains domain\user1
    Clerk Role contains domain\user2

    I have set it in business intelligence development studio. Roles->Dimension Data. And i have verified it in SSRS and Excel using user1 and user2. The result is in expected.

    However, when it comes to Performance point monitoring server using Analytic grid/chart. The permission setting is not effective now.
     i.e. Clerk role (domain\user2) that expected to view Africa only, now, in performance point, it can view all dimension data. (no matter in the dashboard designer/preview or sharepoint webpart)

    How to solve that problem?

    It seems that the performance point doesn't recognized the cube permission settings I am using PPS SP3 already.

    Thank you for your kind advice.
    Wednesday, December 2, 2009 7:25 AM

Answers

  • You would need to enable the PerUser or CustomData connection setup in the web.config file so that you are not using the default Application Pool identity account to connect to the data source.  Once you have this enabled and depending on your setup possibly Kerberos you will be able to pass the identit of the current user to the data source and you will see that your security is working properly.

    Configuring Kerberos Delegation with PerformancePoint Monitoring Server
    http://www.microsoft.com/downloads/details.aspx?familyid=86f0952b-2357-411f-8810-a9b7c7be7d9f


    This video also goes over setting up the PerUser setting.
    Dan English's BI Blog
    Wednesday, December 2, 2009 5:47 PM