EXERCISE TOPIC▼
SSAS EXERCISES▼
SSAS - TABULAR EXERCISES▼
- Creating a data model (2)
- Excel pivot tables (1)
- PowerView (2)
- Power BI Desktop overview (1)
- Other data sources (1)
- Calculated columns (4)
- Measures (3)
- Changing query context (2)
- The EARLIER Function (1)
- DAX queries (3)
- Date calculations (3)
- Hierarchies (1)
- KPIs (2)
- Perspectives (1)
- Prototyping using PowerPivot (1)
- Security (2)
SSAS - tabular | Security exercise | Apply security roles to restrict model access in various ways
This exercise is provided to allow potential course delegates to choose the correct Wise Owl Microsoft training course, and may not be reproduced in whole or in part in any format without the prior written consent of Wise Owl.
You can learn how to do this exercise if you attend the course listed below!
Software ==> | SSAS - tabular (30 exercises) |
Version ==> | SSAS 2012 and later |
Topic ==> | Security (2 exercises) |
Level ==> | Harder than average |
Course ==> | SSAS - Tabular Model |
You need a minimum screen resolution of about 700 pixels width to see our exercises. This is because they contain diagrams and tables which would not be viewable easily on a mobile phone or small laptop. Please use a larger tablet, notebook or desktop computer, or change your screen resolution settings.
If you haven't already done so, run the SQL script referenced in other SSAS Tabular exercises to generate a database (not for commercial use or copying) called MAM.
Create a new project and model, and import the following tables: tblAnimal, tblProduct, tblSpecies, tblTransaction. Create a measure in the transactions table to show total quantity sold.
Create a role called Penguins only, with a row filter which says that you should only be able to see data from the Animal table when the following conditions hold:
Condition | Notes |
---|---|
Animal is a penguin | The AnimalName column for the query context is Penguin |
CustomData is set | The CustomData information in the connection string passed in is set to Penguin lovers. |
Analyse your model in Excel using the Penguins only role, to get the following pivot table:

This is showing quantity sold by product, but the role isn't allowing you to see any data.
Now amend the connection string in Excel to include the following phrase:

The text to add to your connection string (the rest of the string will be different, of course, on your machine).
Refresh your pivot table if necessary to get:

You should now be able to see your penguins!
Now go into Management Studio and run the script called Create table of authorities.sql from the folder at the top of this exercise. This should create the following table of authorities:

A table showing which roles have access to which data.
Import this table into your data model.
Create two roles with read access to data, and set row filters for the Animal table as follows:
Role | Access to animals table |
---|---|
BG | If you can find a row in the tblAuthority table where the Person is Bear Grylls and the Animal matches the AnimalName for the current query context, return TRUE(); otherwise, return FALSE(). |
Others | The same logic, but this time looking for Everyone else. |
Analyse your model in Excel using the BG role - you should see only the following animals:

The animals made visible by the BG role.
Manually edit the connection string in Excel to use the Others role, not the BG one, to see:

The data for cute and cuddly (or at least, safe) animals.
Optionally, save this workbook as Most deadly, then close it and your model down.