locked
ProClarity Security RRS feed

  • Question

  •  

    Hi everyone, i have a customer that need publish some proclarity views in internet, where domain\user does not exists. He have implemented a custom security model, based on user/password for his custom application and he need to integrate that applicacion with Proclarity views. SSAS cubes have implemented dynamic security using customdata property (through mdx Customdata() function). How can i use that security model (dynamic security) with Proclarity. Can i modify the connection string to add the customdata property?

    is there another option to integrate the custom application based on user/password (not domain user) and proclarity (which use NT authentication). Of course, without implement full data access to anonymous users.

     

    thanks in advance...

     

    Tuesday, March 25, 2008 3:50 PM

All replies

  • Moving to the ProClarity forum.

     

    Thanks,

    Jon Thomas

    Tuesday, March 25, 2008 9:14 PM
  • tfcarlos,

     

    I'll take a shot at this - PAS runs on and uses IIS security.  In 6.2, we shipped a sample for alternate security which would allow PAS (ASP) to authenticate users from your custom DB.  I will respond to this post again if that is still available.    

     

    I do not know about modifying the connectin string to add a customdata property.  However, you may be able to secure your data based on the user and parameters in the PAS request/query URL.  I'll forward this post to a collegue and see if he knows anything further.   

     

    Thanks,

     

    -Joey

     

    Friday, March 28, 2008 11:50 PM
  • Thanks Joey, I will appreciate any type of aid to resolve this problem....

     

    Thanks again...

    Saturday, March 29, 2008 1:02 AM
  •  

    Thank you Joey, i tried that and it is working. Only one comment...

    there is a little problem if i implement that solution. I need to create one account of my domain per each custom user...If i could modify the connection string to add CustomData property, i can manage the securtity inside the SSAS as a dynamic security and i do not need to create domain users...

    I will evaluate to implement the option that you send, but that depends on my customer...

    Again, thanks a lot...

    (if you know another option, let me know...pls)
    Wednesday, April 2, 2008 6:31 PM
  • I'm not sure about the CustomData property specifically.  But, I've found some info that may help you.  Please refer to the ProClarity SDK from download.microsoft.com.

     

    If you’re interested in changing connection string properties for the ProClarity client, that can be done from the registry. The path will be HKLM\SOFTWARE\ProClarity Corporation\Server\Properties. This key will contain a new string value (create a new string value by right clicking on the new Properties key and selecting new String value) for each XMLA Connection String property that will be implemented. After creating the new string value in the Properties key, you will need to assign the appropriate value. Please be aware that only certain connection string properties are able to be set at initialization, but if they can be set, they will be picked up from this registry key. You must also be sure the correct values are supplied for each property.

     

    To change other connection string properties, you will have to modify the registry...  The registry path is as follows:

    HKLM\SOFTWARE\ProClarity Corporation\Server\Properties

    I will however note that properties in that registry setting are only set at initialization, so if the property cannot be set at that time (for instance, it needs to be set on the connection), it will not be set correctly.  With SSAS, a new connection from PAS can be forced each time with changing the Global.asa in PAS to disable connection pooling. 

     

    More information - this may only be fully accurate with AS 2000 since SSAS resolves all queries on the server.

     

    You will need to enter key string values according to PTS connection string properties.

    This key will contain a new string value (create a new string value by right clicking on the new Properties key and selecting new String value) for each PTS Connection String property that will be implemented. After creating the new string value in the Properties key, you will need to assign the appropriate value. The example below will force the resolution of queries to occur on the server. (NOTE: It is important to note that Analysis Services will not resolve all queries at the server, even with these settings specified. For more information see: http://www.microsoft.com/whdc/devtools/debugging/debugstart.mspx).

    Default Isolation Mode = “1”
    Execution Location = “3”
    Client Cache Size = “0”

     

    More information on using PImpersonate:

     

    Back in ProClarity 6.0, a feature was added to PAS that allowed additional parameters to be added to the OLE DB for OLAP connection string (PTS) via entries in the registry. This was done primarily to add the Execution Location settings to push most queries to the server. 

    This feature could possibily be used to hard-code the Username and Password to use in connecting to Analysis Services 2005.


    Here are the registry settings:

    [HKEY_LOCAL_MACHINE\SOFTWARE\ProClarity Corporation\Server\Properties]
    "User id"="<domain>\<user>"
    "Password"="<password>"

     

    -Joey

    Friday, April 4, 2008 10:29 PM
  • Hello,

     

    I am having an issue a bit similar to that. The cube security uses the CustomData function to support a PPS Dashboard. I want to be able to connect using ProClarity and pass the connecting user's name in the CustomData property. I would like to know how you were able to solve that problem. Also, I can't find the registery path mentioned, is that present with ProClarity 6.3 installation?

     

    Thanks,

    Katara

    Tuesday, September 9, 2008 9:35 AM
  • If you're using the Pro client, you would need to create the registry path, as the "Server" entry will not be in there by default.  However, if you're using the Pro client, a better option might be to write an add-in (see the ProClarity SDK available from the MS downloads site if you don't already have it) that will modify the connection string properties on the fly.  The registry entry solution was originally designed for the server, and was really meant to be a static solution.

     

    Thursday, September 11, 2008 8:34 PM
  • Joey, I have tried to use PImpersonate and it works with web standard, but when i try to use web professional, it changes to my user again. Is there any method to use web professional with the alternate security?

    Thanks again...
    Tuesday, January 6, 2009 7:01 PM
  • The Web Pro makes a direct connection to the cube once it gets the metadata from PAS, so unless you setup something to change the user from the client to cube, it will connect with the credentials running Web Pro.
    Microsoft ProClarity | This posting is provided "AS IS" with no warranties, and confers no rights.
    Monday, January 12, 2009 11:20 PM