0

Using Metadata Security in Ver6 Admin

We have been reviewing the new cube security options (for both dimensions and measures) in the V6 admin metadata capability and are a debating the pro's and con's of using it versus the cube's security.

Has anyone else made a similar decision? Any shared experiences they can offer?

thanks

7replies Oldest first
  • Oldest first
  • Newest first
  • Active threads
  • Popular
  • Hi,

    The metadata capability on the admin pages was introduced in order to allow admin users to control the analytical experience of the business user with out the need to have access to the DB servers. This has a few advantages like ease of use, time to delivery and functionality.

    To answer your main question regarding the security options, via the Pyramid admin you can control which groups of users can see what measures, attributes and hierarchies based on Pyramid user group, i.e. Pyramid roles.

    Let me illustrate that with an example:

    Lets say you have 2 user groups of "finance" and "operations" where you would like only the user in the finance group to see  measure "profit" while both finance and operations should see the measure "revenue".

    In this case we will "hide" the measure "profit" from the operations user groups, i.e. operations Pyramid role.

    see screen shot attached.

    Regarding the question when to use the Pyramid security vs the DB security, based on our experience the Pyramid security is well suited for object access security. i.e. which user can see what data models, measures, attributes and hierarchies. while the DB security is better suited for row / data level security , i.e. which user can see what items within a data category.

     

    Tnx,

    m

    Reply Like
  • Just to add onto Michael's answer,

    It is not possible to secure measures and entire hierarchies in Analysis Services natively.

    On the other hand, BI Office secures these elements by hiding them – not preventing the user from accessing them.

    Reply Like
  • Regarding the question when to use the Pyramid security vs the DB security, based on our experience the Pyramid security is well suited for object access security. i.e. which user can see what data models, measures, attributes and hierarchies. while the DB security is better suited for row / data level security , i.e. which user can see what items within a data category.

    Would it be possible/wise to use Pyramid security to provide a cleaner dicing experience for users?  For example, I am typically creating SSAS perspectives to limit the options that appear within the dicing menu for users that would be overwhelmed by browsing through many dimensions and hierarchies.

    Reply Like
  • Yes, this will work, however, if a user will open a report that is using one of the hierarchies that were hidden in the Metadata library, he will be able to see it.

    Reply Like
  • Hi Tim,

    Our approach is similar to perspectives and is easier, beside we can resolve it on the app without redesigning the database.

    This therefore provides millions of combination and it's quicker

    Reply Like
  • I have tried thise feature but when i connect on my cube, i always see the measure.

    I have followed the process on the attached png

    Have you an idea ?

    Reply Like
  • Hi Jean-Pierre, 
    Admin settings are loaded once, on the first time the application starts.
    After making changes in the admin, please restart your client side browser.

    Thanks.

    Reply Like
login to reply
Like Follow
  • 7 mths agoLast active
  • 7Replies
  • 717Views
  • 7 Following