Roles (Analysis Services)
Roles are used in Microsoft SQL Server 2005 Analysis Services (SSAS) to manage security for Analysis Services objects and data. In basic terms, a role associates the security identifiers (SIDs) of Microsoft Windows users and groups that have specific access rights and permissions defined for objects managed by an instance of Analysis Services. Two types of roles are provided in Analysis Services:
- The server role, a fixed role that provides administrator access to an instance of Analysis Services.
- Database roles, roles defined by administrators to control access to objects and data for non-administrator users.
The Analysis Services server role defines administrative access of Windows users and groups to an instance of Analysis Services. Members of this role have access to all Analysis Services databases and objects on an instance of Analysis Services, and can perform the following tasks:
- Perform server-level administrative functions using SQL Server Management Studio or Business Intelligence Development Studio, including creating databases and setting server-level properties.
- Perform administrative functions programmatically with Analysis Management Objects (AMO).
- Maintain Analysis Services database roles.
- Start traces (other than for processing events, which can be performed by a database role with Process access).
Every instance of Analysis Services has a server role that defines which users can administer that instance. The name and ID of this role is Administrators, and unlike database roles, the server role cannot be deleted, nor can permissions be added or removed. In other words, a user either is or is not an administrator for an instance of Analysis Services, depending on whether he or she is included in the server role for that instance of Analysis Services. Related topics:Granting Administrative Access, Setting Server Configuration Properties.
An Analysis Services database role defines user access to objects and data in an Analysis Services database. A database role is created as a separate object in an Analysis Services database, and applies only to the database in which that role is created. Windows users and groups are included in the role by an administrator, who also defines permissions within the role.
The permissions of a role may allow members to access and administer the database, in addition to the objects and data within the database. Each permission has one or more access rights associated with it, which in turn give the permission finer control over access to a particular object in the database. Related topics:Permissions and Access Rights (SSAS), Granting User Access