hi we've begun recording apps x roles at my company. Currently the apps are erp's but i think roles attached to tabular models would blend nicely, especially if i can find a way to also expand the groups assigned to certain roles. i'd feed the data daily. from what i've seen AD has some kind of query capability but i couldnt get it too far in my installed AD client.
if you are comfortable with PowerShell, this example command will get all end users, including those that are members via a group-within-a-group:
here i am assuming you found a group named "SSASTabularAccess" with current permissions, and want to know who's getting access.
Get-ADGroupMember -Identity "SSASTabularAccess" -Recursive | SELECT -property SamAccountName |Sort-Object -Property SamAccountName
Lowell
March 22, 2024 at 11:21 am
thx lowell, by any chance do you also know how to get a list of members/groups from each role under a tabular model database? I might have asked too many questions in this post and can easily post this portion in a new post.
March 22, 2024 at 5:17 pm
This?
SELECT * FROM $System.TMSCHEMA_ROLES
SELECT * FROM #TMSCHEMA_ROLE_MEMBERSHIPS
March 26, 2024 at 1:52 pm
thx chrissy321. Where would i run that? in the engine on the same server where ssas is? I dontg think t-sql ius a choice of language on the ssas instance. i get an error when i run that on the engine.
March 26, 2024 at 2:50 pm
You can issue an MDX query or a TSQL query against a linked server.
https://www.sqlshack.com/linking-relational-databases-with-olap-cube/
March 26, 2024 at 4:24 pm
thank you chrissy321,
i read your link quickly and see if i have an mdx query, it would be sent native thru openquery probably via a new query from a db or the instance itself.
But i can also send thru openquery your t-sql looking querys?
March 26, 2024 at 7:56 pm
This is tsql
DROP TABLE IF EXISTS #Roles;
SELECT * INTO #Roles FROM OPENROWSET
(
'MSOLAP',
'Data Source=localhost;Initial Catalog=YourSSASDatabaseName;Provider=MSOLAP.4;Integrated Security=SSPI;Format=Tabular;',
'SELECT * FROM $System.TMSCHEMA_ROLES'
);
DROP TABLE IF EXISTS #RoleMemberships;
SELECT * INTO #RoleMemberships FROM OPENROWSET
(
'MSOLAP',
'Data Source=localhost;Initial Catalog=YourSSASDatabaseName;Provider=MSOLAP.4;Integrated Security=SSPI;Format=Tabular;',
'SELECT * FROM $System.TMSCHEMA_ROLE_MEMBERSHIPS'
);
SELECT * FROM #Roles
SELECT * FROM #RoleMemberships
March 27, 2024 at 12:32 pm
thx, so those 2 selects are mdx. i was able to run them right on the ssas instance without a linked server. But i understand the value in having a linked server where more flexibility is possible. Now i have to decide whose post to mark as an answer. i believe only one answer is allowed per post on this forum. Chrissy321 i "liked" yours and marked lowell's as an answer. next time i'll separate posts better.
Viewing 9 posts - 1 through 9 (of 9 total)
You must be logged in to reply to this topic. Login to reply
This website stores cookies on your computer.
These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media.
To find out more about the cookies we use, see our Privacy Policy