Secure Deployment (Analysis Services - Multidimensional Data)
Securing Analysis Services includes maintaining a secure environment and following all best practices for system security. This page provides links to help you locate the information that you need in order to more securely deploy your Analysis Services solution.
Securing the Analysis Services Instance
Provides a general overview of the steps required to protect an instance, and to make sure that only authorized users have permission to access it.
User Access Security Architecture
Provides a general overview of the steps required to protect Analysis Services objects (such as databases, dimensions, cubes, data mining models, etc.), and to make sure that only authorized users have permission to access them.
In This Section
Granting Administrative Access
A user must be a member of the Analysis Services server role to perform any server-wide task, such as creating a database, modifying server properties, or launching a trace (other than for processing events). By default, the members of the Administrators local group are members of the Analysis Services server role. However, their membership in this server role does not appear in the user interface.
For more information, see Granting Server-Wide Administrative Permissions
Granting User Access
User access to objects such as cubes, dimensions, and mining models within an instance of Microsoft SQL Server Analysis Services is granted through membership in one or more database roles. Analysis Services administrators create these database roles, grant read or read/write permissions on Analysis Services objects for these roles, and then add Microsoft Windows users and groups to the roles.
How to: Configure Windows Firewall for Analysis Services Access
Windows Firewall system prevents unauthorized access to computer resources. To access an instance of Analysis Services through this firewall, you must configure the firewall to enable access.
You must configure your firewall to enable access to the relevant port for authorized users or computers. This might include configuring Analysis Services to use a specific TCP/IP port. The default instance of Analysis Services uses port 2383, but this can be changed. Named instances of Analysis Services use dynamic ports.