Database Journal
MS SQL Oracle DB2 Access MySQL PostgreSQL Sybase PHP SQL Etc SQL Scripts & Samples Tips Database Forum Rss Feed

» Database Journal Home
» Database Articles
» Database Tutorials
MS Access
SQL Scripts & Samples
» Database Forum
» Slideshows
Free Newsletters:

News Via RSS Feed

Rss Feed

Database Journal |DBA Support |SQLCourse |SQLCourse2

Featured Database Articles


Posted Jan 22, 2010

Introduction to Security in Analysis Services - Page 4

By William Pearson

Permission Objects

Permissions are associated with an object (cube, dimension, others) for a particular role. Permissions specify what operations the member of that role can perform on that object. The objects that can be associated with permissions are as follows:

  • Database
  • DataSource
  • Dimension
  • Cube
  • MiningStructure
  • MiningModel

Possible actions enabled by permissions are presented in Table 4.





True or False


If true, members can process the object and any object that is contained in the object.

(Process permissions do not apply to mining models. MiningModel permissions are always inherited from MiningStructure.)


None, Basic, or Allowed


Specifies whether members can read the data definition (ASSL) associated with the object.

If Allowed, members can read the ASSL associated with the object.

Basic and Allowed are inherited by objects that are contained in the object. Allowed overrides Basic and None.

Allowed is required for DISCOVER_XML_METADATA on an object. Basic is required to create linked objects and local cubes.


None or Allowed


(Except for DimensionPermission, where default=Allowed)

Specifies whether members have Read access to schema rowsets and data content.

Allowed gives Read access on a database, which allows a user to discover a database.

Allowed on a cube gives Read access in schema rowsets and access to cube content (unless constrained by CellPermission and CubeDimensionPermission).

Allowed on a dimension grants Read permission on all attributes in the dimension (unless constrained by CubeDimensionPermission). Read permission is used for static inheritance to the CubeDimensionPermission only. None on a dimension hides the dimension and gives access to the default member only for aggregatable attributes; an error is raised if the dimension contains a non-aggregatable attribute.

Allowed on a MiningModelPermission grants permissions to see objects in schema rowsets and to perform predict joins.

Note   Allowed is required to read or write to any object in the database.


None or Allowed


Specifies whether members have Write access to data of the parent object.

Access applies to Dimension, Cube, and MiningModel subclasses. It does not apply to database MiningStructure subclasses, which generates a validation error.

Allowed on a Dimension grants Write permission on all attributes in the dimension.

Allowed on a Cube grants Write permission on the cells of the cube for partitions defined as Type=Writeback.

Allowed on a MiningModel grants permission to modify model content.

Allowed on a MiningStructure has no specific meaning in Analysis Services.

Note: Write cannot be set to Allowed unless Read is also set to Allowed.


Note: Only available in Database permissions.

True or false


Specifies whether members can administer a database.

True grants members access to all objects in a database.

A member can have Administer permissions for a specific database, but not for others.

Table 4: Possible Actions Enabled by Permissions (Source: MSSQL Server 2008 Books Online)

We will examine many of the properties, and the associated settings, that we use in establishing and maintaining security in Analysis Services in other articles of this subseries, where we will gain hands-on exposure to working with role-based security (and related subjects) in a practical environment.


In this article, we introduced general concepts surrounding security in Analysis Services 2008. We noted that our introduction to security is intended to serve as a lead-in to more detailed exploration of various concepts surrounding security in other, independent articles of this subseries that examine the implementation and maintenance of security, as well as hands-on sessions focused upon various tasks surrounding security.

After exploring general concepts surrounding security, we performed a brief overview of Role-based security in Analysis Services. We next examined the two general types of Roles in Analysis Services. We then discussed Role and Role Member Objects, focusing upon the Server Role the Database Role. Finally, we explored Access Rights and Permissions, including Permissions Inheritance and Permissions Objects.

About the Series ...

This article is a member of the series Introduction to MSSQL Server Analysis Services. The monthly column is designed to provide hands-on application of the fundamentals of MS SQL Server Analysis Services (“Analysis Services”), with each installment progressively presenting features and techniques designed to meet specific real-world needs. For more information on the series, please see my initial article, Creating Our First Cube.

» See All Articles by Columnist William E. Pearson, III

MS SQL Archives

Latest Forum Threads
MS SQL Forum
Topic By Replies Updated
SQL 2005: SSIS: Error using SQL Server credentials poverty 3 August 17th, 07:43 AM
Need help changing table contents nkawtg 1 August 17th, 03:02 AM
SQL Server Memory confifuration bhosalenarayan 2 August 14th, 05:33 AM
SQL Server Primary Key and a Unique Key katty.jonh 2 July 25th, 10:36 AM