Presentation is loading. Please wait.

Presentation is loading. Please wait.

SSAS Security Model with Maintenance Plan

Published byThomasine Alyson Conley Modified over 6 years ago

Similar presentations

Presentation on theme: "SSAS Security Model with Maintenance Plan"— Presentation transcript:

1 SSAS Security Model with Maintenance Plan
Secure Enable Maintain Sustain Work smart instead of hard. Enable the business through technology. Create a sustainable, maintainable technology solution; by careful planning and building the correct solution fit to solve the right problem.

2 About Me… MCP: Microsoft SQL Server 2008, Business Intelligence Development and Maintenance MCTS: Microsoft .NET Framework 3.5 ASP.NET, Applications MSBI Consultant/Independent contractor LewiCool Consulting 15+ yrs Industry Experience Educator, Network Engineer, Technologist, Consultant Tour Guide (continental US),River Surfing Guide 10 yrs Experience in the MSBI Space Government,Education,Telecom,Travel,Manufacturing Corporate/Finance/Legal/Information Security/IT

3 Problems, Solutions and Data Oh MY!
End users need data Presentation layer data needs to be secured/segregated Valuable Technology Talent has limited time and excessive work load MS has created coupled technologies that enable the end-to-end solution big win.

4 Cube Security 101 SSAS Roles are AD dependent
SSAS Security basically divided into 2 types: Administrative Role containing the administrators of the cube Creating/modifying/processing User Related Permissions for viewing Cube data Essentially the “Read” permission on the cube Dimension based Cell based Define what data will be rendered to presentation layer.

5 Get ‘er DONE! Keep it Simple Stupid (yet Comprehensive).
Identify exactly who needs to see what Make use of the Existing Security Processes. Stand on the Shoulders of Giants Not your job (or problem) AD Admins can be your best friend Existing Business Process can enable the big win Listen, Listen, Listen Build the right solution Listen to the reporting needs ENABLE the Business with Technology DO NOT create extra work that will not further the business

6 Who needs what? If Possible use existing groups in Active Directory to define roles in the Cube AD Admins can identify and enable this process Existing groups Naming conventions Identify the partitions in reporting needs VP, Directors, Managers, Business Units, Locations Identify the patterns in the underlying data Country,State,Division,Territory

7 Dissect the data to tell the story
Identify a pattern in the underlying data as it relates to the business and security. The data will inherently be organized into patterns with relationships The business reporting needs will be driven by the very essence of the data: Who did what, where, when, how Evaluate the underlying data for design patterns for security roles Model the security design on business reporting model

8 Who’s job is it? Three fold security implementation
Secure & Enable: Integrated Security and Service Accounts enable the comprehensive framework Drive report development to leverage the SharePoint Data Sources Secure & Enable: SSAS roles determine the type of data available depending on the role passed through to the Cube Maintain & Sustain: SSIS is the tool kit to create and maintain the cube roles

9 “Who see’s what....” Data Sources the gate keepers:

10 Data Sources are the root of the solution!
Service Accounts Solution High level data access Dashboards Enterprise level totals Integrated Security Solution Pass through the credentials of the current user Selective reports developed to harness the cube roles security Note: Sharepoint Integrated Solutions may require full Kerberos buildout to handle “double hop” issues.

11 Identify the “Role” Security will play in the cube
What needs to be secured Where can security design patterns be implemented 90-10 Make that 90% count Put busy work in it’s place Make that 10% fit Ensure the VIP access

12 Roles in the cube restrict/allow access to data

13 Create Cube Roles Define cube roles as they will relate to the business

14 Read Definition Required

15 Read Access to the Cube

16 The Who

17 The What

18 reuse ReUse reUse RE-USE
Create an initial Role to use as a template SSMS enables duplication of a role Script the duplication Create the XMLA script to a new query window XMLA script can be broken apart and implemented in a SSIS script task Using SSIS enables C#, SQL, XMLA and connections to EVERYTHING

19 XMLA Scripts to create Role

20 XMLA Role Script

21 Use the Data!

22 SQL fills a DataSet Use the DataSet filled by the SQL task
A ForEach Loop breaks out each item in the dataset The script task takes advantage of the variables set by the ForEach Loop Parameters and variables and Strings Create a custom XMLA script to execute for each country role

23 SSIS enables the Framework

24 SSIS Script Task is the Key

25 SSIS implementation C# Script Validate AD Group
Parameterize valuable data Accommodate complex/elegant data Build custom XMLA Script

26 SSIS XMLA task “do WORK”

27 Maintenance Create Tool Set to maintain security in cube quickly and effciently. The same framework can be used to quickly create and delete all the roles in the cube(s) Nightly and/or weekly runs of this frameset can help maintain a comprehensive security model

28 SSIS maintenance framework.
Securing The Cube. SSIS maintenance framework. Questions?

29 Contact me…

Download ppt "SSAS Security Model with Maintenance Plan"

Similar presentations

Single Sign-On with GRID Certificates Ernest Artiaga (CERN – IT) GridPP 7 th Collaboration Meeting July 2003 July 2003.

Single Sign-On with GRID Certificates Ernest Artiaga (CERN – IT) GridPP 7 th Collaboration Meeting July 2003 July 2003.
METALOGIC s o f t w a r e © Metalogic Software Corporation 2004-2006 DACS Developer Overview DACS – the Distributed Access Control System.

METALOGIC s o f t w a r e © Metalogic Software Corporation DACS Developer Overview DACS – the Distributed Access Control System.
Computer Monitoring System for EE Faculty By Yaroslav Ross And Denis Zakrevsky Supervisor: Viktor Kulikov.

Computer Monitoring System for EE Faculty By Yaroslav Ross And Denis Zakrevsky Supervisor: Viktor Kulikov.
© 2004 Visible Systems Corporation. All rights reserved. 1 (800) 6VISIBLE www.visible.com Holistic View of the Enterprise Business Development Operations.

© 2004 Visible Systems Corporation. All rights reserved. 1 (800) 6VISIBLE Holistic View of the Enterprise Business Development Operations.
Implementing Business Analytics with MDX Chris Webb London September 29th.

Implementing Business Analytics with MDX Chris Webb London September 29th.
CategoryCapability + Recommended Tool Analysis Self Service BI with Power View integration Ad-Hoc (e.g. user defined) views Interactive analysis.

CategoryCapability + Recommended Tool Analysis Self Service BI with Power View integration Ad-Hoc (e.g. user defined) views Interactive analysis.
Microsoft Office SharePoint Server Business Intelligence Tom Rizzo Director, Microsoft Office SharePoint Server

Microsoft Office SharePoint Server Business Intelligence Tom Rizzo Director, Microsoft Office SharePoint Server
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 7 Configuring File Services in Windows Server 2008.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 7 Configuring File Services in Windows Server 2008.
SQL Server Management Studio Introduction

SQL Server Management Studio Introduction
OM. Brad Gall Senior Consultant

OM. Brad Gall Senior Consultant
SQL Server Integration Services (SSIS) Presented by Tarek Ghazali IT Technical Specialist Microsoft SQL Server (MVP) Microsoft Certified Technology Specialist.

SQL Server Integration Services (SSIS) Presented by Tarek Ghazali IT Technical Specialist Microsoft SQL Server (MVP) Microsoft Certified Technology Specialist.
SQL Server User Group Meeting Reporting Services Tips & Tricks Presented by Jason Buck of Custom Business Solutions.

SQL Server User Group Meeting Reporting Services Tips & Tricks Presented by Jason Buck of Custom Business Solutions.
1 Chapter Overview Performing Configuration Tasks Setting Up Additional Features Performing Maintenance Tasks.

1 Chapter Overview Performing Configuration Tasks Setting Up Additional Features Performing Maintenance Tasks.
DAT 332 SQL Server 2000 Data Transformation Services (DTS) Best Practices Euan Garden Product Unit Manager SQL Server Development Microsoft Corporation.

DAT 332 SQL Server 2000 Data Transformation Services (DTS) Best Practices Euan Garden Product Unit Manager SQL Server Development Microsoft Corporation.
Intro to Datazen.

Intro to Datazen.
1 Copyright © 2008, Oracle. All rights reserved. I Course Introduction.

1 Copyright © 2008, Oracle. All rights reserved. I Course Introduction.
Ellis Paul Technical Solution Specialist – System Center Microsoft UK Operations Manager 2007 - Overview.

Ellis Paul Technical Solution Specialist – System Center Microsoft UK Operations Manager Overview.
6/13/2015 Visit the Sponsor tables to enter their end of day raffles. Turn in your completed Event Evaluation form at the end of the day in the Registration.

6/13/2015 Visit the Sponsor tables to enter their end of day raffles. Turn in your completed Event Evaluation form at the end of the day in the Registration.
Explore engage elevate Data Migration Without Tears Mike Feingold Empoint Ltd Tuesday 10th November 2015.

Explore engage elevate Data Migration Without Tears Mike Feingold Empoint Ltd Tuesday 10th November 2015.
Practical MSBI(SSIS, SSAS,SSRS) online training. Contact Us: Call:+91-9052666559 Visit:www.sqlservermasters.com.

Practical MSBI(SSIS, SSAS,SSRS) online training. Contact Us: Call: Visit:

Similar presentations

Ads by Google