How it works...

The preceding steps enable us to create the necessary security roles that are essential to manage security in Analysis Services objects and data.

The steps to create a specific security role within analytical databases needs elaboration, as it is different from the Server role and the Database role from the relational database world. Similarly, security roles also play very important roles in the SSAS world.

To manage security for Analysis Services objects and data, a role can be associated to the SIDs of Windows operating system users and groups that have specific access rights and permissions defined for the objects managed by SSAS instance.

The two different types of permissions that can be granted to a user are classified as Administrative Security and Data Security. Again such a level of permissions varies from the object of an Analysis Services Database. For instance a user can be granted to execute Local Cube read permissions on the Data Security level and Read Definition on the Administrative Security level.

Security is managed by using roles and permissions. Roles are groups of users and users can be referred to as members. Such members can be added or removed from the roles.

Permissions that are specified by roles can use the objects for which that role has permissions, as they apply to all the members in a role who have equal permissions to the objects. Also, the permissions collection of the object has a single role assigned to it.