Configuring the Logon Account for Analysis Services
Microsoft SQL Server 2005 Analysis Services (SSAS) executes some tasks in the security context of the Microsoft Windows user account that is used to start Analysis Services, in other words the logon account, and executes other tasks in the security context of the user who is requesting the task.
Regardless of the security context in which Analysis Services performs a particular task, Analysis Services verifies the permissions of the user who issued the request, before running the task.
For tasks that Analysis Services performs in the context of its logon account, the logon account must have sufficient permissions and access rights to perform the tasks. At the same time, the logon account for Analysis Services should not be granted more rights than are required for the tasks to be performed, because excessive rights could pose potential security issues.
Each instance of Analysis Services runs as Windows service, Msmdsrv.exe, in the security context of a defined logon account.
- The service name of default instance of Analysis Services is MSSQLServerOLAPService.
- The service name of each named instance of Analysis Services is MSOLAP$InstanceName.
Each instance of Analysis Services is completely independent, with its own independent executables, security model, databases, cubes, and mining models.
If multiple instances of Analysis Services are installed, the setup program also installs a redirector service, which is integrated with the SQL Server Browser service. The redirector service is responsible for directing clients to the appropriate named instance of Analysis Services. The SQL Server Browser service always runs in the security context of the Local System account, a local administrator account used by Windows for system services that do not access resources outside the local computer.