none
Private Security Model Integration

    Question

  • Does anyone have any recommendations on tieing the Microsoft AS security model in with an independent security model. We are at the beginning process to discuss this with a very large international partner and are looking for recommendations form anyone who has done this before.

    Thanks in advance

    Alan

    Friday, August 27, 2010 2:48 AM

All replies

  • I'm not sure I understand the question...

    What do you mean by "an independent security model"? Are you specifically referencing a model (i.e. concepts with no particular technology in mind) or a specific implementation of a given technology to match your security requirements?

    Either way, it is very hard to recommend how AS might tie into an unknown model and/or technology. Essentially Analysis Services makes use of Windows integrated authentication (i.e. no username/password pairs) applied to AS roles where AS roles are given permissions to view cubes, dimensions, members or even cells though that latter level can be quite slow to query as you can imagine.

    Friday, August 27, 2010 9:27 AM
  • Basically a client that is in the CRM industry wants to integrate their security model into AS somehow so seeing if anyone has managed to do this. The client is a fairly well known software copany. Often software companies want to tie users into their security model so as to keep them dependent. The only possible way, but I would need to investigate is a possible assembly to do this but would still need to map somehow into Windows.
    Friday, August 27, 2010 7:34 PM
  • Analysis Services uses Microsoft Windows Authentication to authenticate user access. And so the security is strongly compared to windows security.

    You can find many articles and white papers in the internet about this specific topic.

    http://msdn.microsoft.com/en-us/library/bb500251.aspx

     


    My Profile

    Jordan Group

    Raed Taha

    Friday, August 27, 2010 7:52 PM
  • The only possible way, but I would need to investigate is a possible assembly to do this but would still need to map somehow into Windows.

    Do you mean you want to use the accounts/roles of your client to access SSAS? If so, yes you may need to map the account into Windows account. One possible workaround is configuring HTTP access, and then choose basic authentication.You can create an application to map the account with several windows accounts and then pass the windows account to the SSAS via IIS. More information, you can refer to:

    http://social.msdn.microsoft.com/Forums/en/sqlanalysisservices/thread/62e5968c-6f83-4ff7-9b63-051020df2b80

    http://social.msdn.microsoft.com/forums/en-US/sqlanalysisservices/thread/e9469e35-22f3-4abb-ad33-c8c8e7d295d5

     

    Hope this helps,

    Raymond
    Raymond Li - MSFT
    Wednesday, September 01, 2010 6:11 AM
    Moderator
  • With regards the statement "Often software companies want to tie users into their security model so as to keep them dependent "... Are you saying that this software company wants to tie users into their security model or that they don't want to?
    Wednesday, September 01, 2010 8:10 AM