It seems that people can use Excel to browse the Cube, thats all good and fun. But we do not like for all the users to be able to go through the cube using excel (only a select group). The problem is that i have to create roles for the users to set their security for the report server. So that they can open the reports i've created. But if i'm not mistaking by granting users access to the cube to be able to use my reports I automaticly give them access through Excel ?!
Is there a way to give people access to the cube via report server and block their access for Excel ?
Please help me you experts 
Hello! It is possible to block the access from an Excel client by using a dedicated SSAS2005 role for reporting services.
You create a single windows account for SSRS2005 execution of SSAS2005 reports, add that account to a cube role and stop using windows integrated security.
In this way it is only this dedicated SSRS2005 account that have access to the cube.
I assume that you do not use any detailed security in the cubes like dimension restrictions and cell security.
HTH
Thomas Ivarsson
|||That would be a nice solutions but its not possible in my case because i need to set security for users with restructions as you also posted below, i have like 30 different roles allowed groups of people to access certain dimensions. It would be much easier if there was an option in the roles to allow or disallow Excel, but i guess there is no such thing ? So basicly i'm stuck ?|||
In SQL Server you have application roles but I have never heard about that in SSAS2005.
One way can be to remove the OLEDB for OLAP 9 from each Excel client if your users are on the same LAN.
I can not see any other solution than the ones outside of SSAS2005.
Regards
Thomas Ivarsson
|||We're dealing with a similar issue. One approach is to define a users dimension with a many-to-many relation to a security measure group. The linkages between the security measure and the various dimension members would allow you to redefine all your security roles as follows:
Everyone who should have direct access to the cube for Excel, ProClarity etc, would have a role attached to his particular username in the user dimension.
THen the Reporting Services reports would be run under the privileged account. The RS queries would have to specify the username perhaps a hidden parameter you can fill from either a data driven subscription or from an extension to the web browser.
Its' complicated. It's not all that efficient (many-to-many dimensions are not wonderful). It requires either a data driven subscription or a custom web viewer control to fill the parameter. But I think it will work.
|||Darn so there is no "easy" solution 
I suggest Microsoft brings out a servicepack 3 with application roles in it
No comments:
Post a Comment