Adding all rights is ok for my sandbox environment, but what is the best practice for assigning rights and permissions to SSAS in a production environment?

What are people doing out there that is considered the safe norm?

Thanks,

Andre Ranieri