Identity and Access Control (Analysis Services - Multidimensional Data)
SQL Server Analysis Services requires all users to be authenticated by the Windows operating system. Because Analysis Services does not have a provision to generate and maintain user credentials, as SQL Server database engine has, Analysis Services might allow anonymous connections. However, this is an operating system distinction that maps multiple possible users into one user defined as anonymous. This page provides links to help you locate the information that you must have to work with specific security packages, anonymous connections, and the Kerberos protocol.
Securing Client Communication with an Analysis Services Instance
The communication stream between clients and an instance of Microsoft SQL Server Analysis Services must be secured. During the setup process, default security settings are configured that control this communications stream. The default security settings try to guarantee that the communication between clients and an instance of Analysis Services is as secure as possible. However, depending on the sensitivity of the data and the security of the networks across which the data is accessed, these default security settings may or may not be suitable for you. This topic describes how to configure the communications to suit your needs.
User Access Security Architecture
Provides a general overview of the steps required to protect Analysis Services objects (such as databases, dimensions, cubes, data mining models, etc.), and to make sure that only authorized users have permission to access them.
In This Section
Requiring Specific Security Packages
By default, Microsoft SQL Server Analysis Services is configured to accept all Security Support Provider (SSP) security packages that the Microsoft Windows operating system supports for authenticating clients. See SSP Packages Provided by Microsoft for specific details about the standard security packages supported by the different versions of the Windows operating systems. As an example, Microsoft Windows NT and Microsoft Windows 2000 include the NTLM security package. Starting with Windows 2000, Microsoft also provides the Microsoft Kerberos protocol security package. Additionally, you may choose to install the Secure Socket Layer (SSL) security package, or any other Security Support Provider Interface (SSPI) compatible SSP. For a better understanding of SSP security packages, see SSPI and The Security Support Provider Interface.
Requiring Client Authentication
By default, Microsoft SQL Server Analysis Services requires clients to be authenticated by the Microsoft Windows operating system in order to establish a connection with the service. By default, Microsoft SQL Server Analysis Services will reject all requests from unauthenticated clients. To modify the client authentication requirement, the administrator must change the value of the Security \ RequireClientAuthentication server configuration property.
How to configure SQL Server 2005 Analysis Services to use Kerberos authentication
This topic describes how to configure SQL Server 2005 Analysis Services to use Kerberos authentication. The information in this topic also applies to SQL Server 2008 Analysis Services.