How to use security roles to restrict access to your SSAS Tabular model
Part five of a five-part series of blogs

Perspectives in Analysis Services let you show different parts of your tabular model to different people, but they don't have any security. To ensure that the right eyes see the right bits of your model, you'll need to create and manage security roles, as explained in this blog.

  1. Security in SSAS Tabular - creating and managing roles
  2. Creating a permissions table
  3. Using CustomData to make row filters dynamic
  4. Controlling what a user sees using their logon name
  5. Assigning members to roles (this blog)

This blog is part of our online SSAS Tabular tutorial; we also offer lots of other Analysis Services training resources.

Posted by Andy Brown on 26 February 2016

You need a minimum screen resolution of about 700 pixels width to see our blogs. This is because they contain diagrams and tables which would not be viewable easily on a mobile phone or small laptop. Please use a larger tablet, notebook or desktop computer, or change your screen resolution settings.

Assigning members to roles

In practice you'd probably want a security role to be shared by a number of different users of your model:

Role for case study

You've created a role called RegionRole to show only London data, but now want to assign this to specific people.

 

To choose people for a role, start by clicking on the Members tab in the dialog box above:

Adding members to a role

Click on the Members tab, and then choose to add a member.

 

In the dialog box which appears, choose Locations:

Locations button

Choose which location to use.

Expand the Entire Directory to choose which domain to use:

Expand Entire Directory

Click on the + shown to expand the category to see the groups available.

 

Choose a group:

Choosing a group

Choose a group which should be assigned to this role.

 

As an alternative to the above, you could search for a person or group:

Searching for a user

Here I'm searching for a user containing Andy.B within the Entire Directory. Clicking on Check Names as shown will tell me whether the user exists (and if the user does exist, will fill in their full name).

Notes on how to add an Active Directory user group are shown in this StackOverflow article.

And with that, you've reached the end of this blog on security roles within SSAS Tabular!

This blog has 0 threads Add post