Chapter 19: Securing Your Data in Analysis Services

Overview

Your data has value, and as with any item of value it must be protected from outside threats. Security is the set of techniques used to provide you that protection. Indeed, security is an important consideration in the area of business intelligence. Think about it — the very keys to your company's profitability can be surfaced through your data and analytical applications. Just as you secure your personal belongings in a safe place, like a safe deposit box, you must secure your corporate data and applications. In the real word, a safe deposit box has a lock on it requiring a key for entry; only people to whom you give access (provide the key) can actually open the secured object. These concepts map directly onto Analysis Services security. Analysis Services provides you ways to protect your data so that you can restrict access to only those users who are authorized.

The environment within which you are working has a significant impact on the security precautions you should take. In general, if a server is running within the confines of a firewall it helps mitigate the external threats posed and provides increased protection. Disabling unused services/features that can potentially be exploited by hackers is yet another way to reduce risk. Running servers under least-privilege accounts like the network service account also helps ensure your system will not be compromised. Analysis Services provides you the ability to enable or disable various features and run under least privilege accounts on the system as seen in Chapter 12. In addition to these techniques, you learnt additional core security features in Analysis Services that restrict access to unauthorized users (in Chapters 9 and 12.)

In this chapter you learn about the security features in Analysis Services that allow the administrator to define access permissions such as read or write to objects in Analysis Services, followed by restricting access to sensitive data only to those who are allowed to access the data. Restricting access to cube and dimension data is done by specifying MDX expressions that define if the member or cell can be viewed by the user. What better way to learn how to restrict the data than a real world scenario? You learn the functionality of restricting dimension and cell data by means of two scenarios.