How BAT Security Works

by Admin9. January 2013 19:23

In this video we are showing how the security of BAT is working:

The main points are:

  1. If the check box "use for security" is checked for BAT-user, then BAT-user will have associated MSAS-role named "bad_user_john" (for example).  If the check box "use for security" is set for a BAT-role, then BAT-role will have associated MSAS-role named "bat_role_accountants" (for example).
  2. When you added a new cube link - do not forget to give permissions on a cube for your users or for roles, otherwise they will be unable to see reports.
  3. When report user opens a report, BAT-server starts the process OlapExecutor.exe which opens connection to MSAS. In this connection you will have "Roles=bat_user_john" or "Roles=bat_role_accountants" (dependently who is securable).  If both are securable - you will have "Roles=bat_user_john,bat_role_accountants" and MSAS will behave in "or"-mode (it will union all permissions but NOT intersect them).
  4. You should think carefully who should be securable. If you need to have multiple users with the same permissions - create BAT-role and make it securable, and make those users non-securable. Then give permissions on a cube for BAT-role.
  5. We suggest you to not make user and its roles both securable at the same time, otherwise you will get a mess and will be unable who can access what data.
  6. Use functionality "Roles Backup" in admin module BEFORE deployment of a new version of a cube on the server (cause deployment operations may kill all existing MSAS-roles). So, you may backup all MSAS-roles before deployment, then deploy new version of OLAP cube, then restore MSAS-roles.

Add comment

  Country flag

  • Comment
  • Preview

About company

BIT Impulse - a software development company, a vendor of a proprietary BI system called "Business Analysis Tool".

Web site:


<<  June 2024  >>

View posts in large calendar