Securing data with roles
Often, there is a desire to restrict the amount of data that a user can see. This can take two forms. Firstly, there may be a need to restrict data because of a security concern, that is, the user should only be able to read information from the model that relates to their area of operating concern. Typical examples of this type of security restrictions are based on geographical areas, reporting, or departmental lines. Restricting data through security is examined in this recipe and the Implementing dynamic security recipe in this chapter. Secondly, we may wish to restrict the objects that a user can see when they connect to the server. This is not the application of a security feature, but simply the creation of specific view(s) for the user. This is achieved through the use of perspectives (which is examined in the Creating perspectives recipe in this chapter).
Tabular modeling on an SSAS server implements role-based security. This is similar to the way SSAS implements...
