August 19, 2015 at 2:37 pm
We are running SQL Server 2014 SP1. I am trying to grant our developers access to connect to SSAS. On the Analysis Server Properties Box, Security Page, it has a box for Server administrators and it has Add and Remove Buttons for adding or removing users/groups. This Analysis Server Properties Box, Security Page, states that "The server administrator role is used to grant server-wide security privileges to a user or a group of users."
Is the Analysis Server Properties Box, Security Page the right place where I need to add the developers in order for them to be able to connect to the Analysis Server Instance from within Visual Studio? Would this give them administrator access or allow them to grant server-wide security? Is there a way to give the developers least privileges but still allow them to connect to the Analysis Server?
Thanks in advance.
August 19, 2015 at 2:45 pm
That section is to assign instance wide administrative privileges only. Go into the "Roles" section of each SSAS database to assign specific roles/permissions.
August 19, 2015 at 3:15 pm
Maybe, I am missing something, but don't the developers have to be able to connect to SSAS? I am asking about allowing them to connect to SSAS from within Visual Studio so that they may create their databases, cubes, etc. Or, if the DBAs create the databases, the developers still have to be able to connect to SSAS, right? Please clear this up for me.
August 19, 2015 at 3:23 pm
HookSqlDba7 (8/19/2015)
Maybe, I am missing something, but don't the developers have to be able to connect to SSAS? I am asking about allowing them to connect to SSAS from within Visual Studio so that they may create their databases, cubes, etc. Or, if the DBAs create the databases, the developers still have to be able to connect to SSAS, right? Please clear this up for me.
SSAS security is a little different to SQL Server database security. There is no concept of login and database user, and assigning somebody to a role in an SSAS database will allow them to log into the instance.
If you want to allow developers to create SSAS databases, you will have to assign instance-wide administrative permissions. If however you want to create the databases as a DBA and give developers full permissions to create, deploy and change objects within that database...that is administered through the roles within the database itself.
August 21, 2015 at 9:14 am
Thanks Martin for clearing this up for me. I am new to the SSAS scene.
I am going to make another post regarding "separation of duties between DBAs and Developers when working with SSAS Multi-Dimensional and Tabular Models." I was not sure if I should have put it under this post.
August 21, 2015 at 9:26 am
HookSqlDba7 (8/21/2015)
Thanks Martin for clearing this up for me. I am new to the SSAS scene.I am going to make another post regarding "separation of duties between DBAs and Developers when working with SSAS Multi-Dimensional and Tabular Models." I was not sure if I should have put it under this post.
Although related, it would be better to create a separate thread 🙂
November 2, 2015 at 2:17 pm
I went through the process of installing SQL Server 2014 EE, SQL Server 2014 SP1, SSAS Multi-Dimensional Mode (Default Instance), SSAS TABULAR (Named Instance) and Data Quality Services. I DID NOT create any developer's logins/users. I DID NOT create a SSAS Database (so therefore I did not create a role within the SSAS database). I asked a developer to try to connect to the SSAS default and named instances, and lo and behold they were able to connect using SSMS. Is this the way SSAS works out of the box? Are developers automatically allowed to connect to SSAS using SSMS? Now, I wonder if it works the same for VS.
Just curious. Thanks for any comments.
November 2, 2015 at 2:28 pm
There may be some instance-level permission allowing that person to access the instance. Check the SSAS instance properties to make sure.
November 3, 2015 at 6:37 am
You might want to check the server advanced property BuiltinAdminsAreServerAdmins - even though they are not shown as a Server Administrator in the Analysis Server Properties Security pane, they may be admins through this setting. As the following link mentions, "By default, members of the local Administrators group are also granted administrative rights in Analysis Server. Although the local group is not explicitly granted membership in the Analysis Services server administrator role, local administrators can create databases, add users and permissions, and perform any other task allowed to system administrators."
https://msdn.microsoft.com/en-us/library/ms174561(v=sql.120).aspx
Viewing 9 posts - 1 through 8 (of 8 total)
You must be logged in to reply to this topic. Login to reply