Dynamics Community Forum Thread Details

Permissions on Std AX Cubes 2009

Hi,

I am a little confused about one aspect of security on AX cubes.

I understand that the the Roles on the cubes pretty much match the Roles in Role Centre and I can see that they have been preconfigured with relevant access to certain measure groups / diminesions

I also understand that we can change these to match our own requirements.

The piece I dont quite get is how the permissions work when you are in AX (role centre or std menu's) and are running std reports over the cubes (e.g. Top X Vendors by YTD).

Should the connection be set up with your windows profile or via a service account?

If with your windows profile, then does that mean we have to make sure that the users are in the correct Roles on the cubes?

or do you set all users up to have access to the cubes and assume that AX security will conrol the access?

If all users are set up, then that means that all users will have access to all cubes if they go in via Excel.

"If with your windows profile, then does that mean we have to make sure that the users are in the correct Roles on the cubes?"

Yes, this is the case. AX security is not involved with access to the ssas cubes. SSAS controls security of cube by use of roles that are defined in the ssas database. Membership in these ssas roles would need to be set in the Dynamics AX ssas database before anybody can connect to it. There isn't any tool to push the membership list for the ax roles over to ssas, so yes, you'd have to add your users into the appropriate ssas roles.

The way the roles are setup up initially, membership in a role that is granted access to one of the cubes in the ssas database gives you access to all the data for that cube. Dimensions, though, are not secured.

If you desire, ssas does allow setting a role to denying access to particular dimensions, so you could change what each role has access to, should you wish to do so.

Quick Links