I have a question here for report model generated on top of SSAS 2005. If security has been defined in SSAS 2005 cube where RoleA only have access to certain dimension, is this security setting integrated with the report model and propogate down to the report builder when used where RoleA users have no access to dimension allowed?
I've been doing research on the web trying to find if it's possible to create a Report Model that is based on a Data Source that is NOT SQL Server and NOT SSAS.
Specifically I'd like to be able to build a Report Model on a Web Server (or multiple web services).
Does anyone have any information relating to this? Based on my research it looks like there's a few interfaces that need to be implemented (such as ISemanticModelGenerator, etc.).
I did find a post relating to using ODBC data sources for a Report Model and the recommended solution was Linked Tables in SQL Server or UDM in SSAS. Both cases don't look feasible for a Web Service-based Data Source.
I am trying to add a calculated field / column in Report Builder when working with a Report Model built from anAnalysis Services Cube. I can create the calculated Field/Columns, but I get an error whenever I try to use it in a report.
Is there a way to create a report builder calculated column on report models built from a SSAS cube? Is this supported?
I am receiving the following error when I run the report builder query. I am able to successfully select the dimensions and measures that I am intrested in but when I run the report I get the error message.
The 'PerspectiveID' custom property for the 'query' perspective is either not set or is not set to the string data type. ---------------------------- Semantic query execution failed. ---------------------------- Query execution failed for data set 'dataSet'. ---------------------------- An error has occurred during report processing.
I am testing this against both Adventureworks standard and enterprise cubes. Additionality I saw a post in this forum http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=368962&SiteID=1 that seemed related but I am using reporting services in sharepoint integrated mode so I am having a hard time trying to troubleshoot this.
Is it possible to import an SAS PMML 2.1 compliant neural network model directly into SSAS 2005? Are there other or all SSAS models (e.g. Decision Trees) that can be created from an imported SAS PMML 2.1 compliant source?
I have been playing with SRS 2005 for a few months now and have a decent setup going but am strugling with model security.
I have set my selected users up in the home folder and also as site users in site settings, they can launch the report builder and create reports fine.
HOWEVER
I intend to use the software accross multiple systems ie WMS, TMS, Finance package, T&A and therefore I only want the WMS users to see the WMS models and T&A users to only see the T&A models etc
No matter what settings are adjusted it seems that if you can launch the report builder then you can access all models and this poses an issue for me as systems like T&A and financials that I need to be as secure as possible.
I am aware that I can limit access to to models using Management studio but it seems to be basically on a column basis rather than the whole model.
Help!!!
Also aware of the fact im an idiot and basically posted the same thing 5 or 6 times! Hopefully the others are deleted
I am trying to use a very easy and simple feature of a reportmodel, model item security.
In my example i have two users; HGHJohn and HGHJKooi
I want to test if I am able to restrict access in the model to a whole entity. HGHJKooi shouldn't be able to see the entity 'Customers'.
These are the steps I executed:
1. In Sqlserver management studio I opened the properties of my model and navigated to the tabpage 'model item security'.
2. I activated the option 'secure individual model items...'
3. In the root of the model I declared two users(groups) as specified above
4. Automatically all nodes inherit these settings from the root.
5. For the entity 'Relations' I change the default, by selecting 'use these roles for each group or user account'
6. I removed HGHJKooi from this list, leaving only 'HGHJohn as model item browser
What I expected at this moment is that when I login the system as HGHJKooi, then I won't see this entity, but I still can! Does anybody know a solution to this problem?
I have created security roles that restrict access to a certain Dimension and a member therein.
The security works fine when the users finened in it runs a report: The data is accordingley ristricted.
The problem is when those same users run Report Builder and create a report, those members are no longer restricted and they have acces to absoluteley all data from the cubes.
Is there some way that I can force the Data Model to follow the cube's security roles?
Any help is much appreciated...
Gerhard Davids
EDIT: I have found that it uses the wrong user when opening report builder. For some reason it uses my windows account instead of the one I used to log onto report manager. This is way the security isnt working
I've been through a number of tutorials on how to enable row-level security based on a userID, but my problem is more complicated and I do not have sufficient understanding of report models to guess.
My security information is defined in a table within my database. It contains a username and an account mask. An account mask maps to 1 or more account codes contained in the other data tables in my report model. A user may have more than one account mask defined for his account.
I understand the concept of directly mapping the logged-in user to a field containing a matching username. Is it possible to do a two-step mapping, so that based on the user ID I can get the account mask(s) and then evaluate which account codes match the mask(s)?
Or is there a different/better way to set this up? Defining SQL roles/groups is not an option, because of some compatibility issues with external systems.
So far, because my security table has no defined relationship with the data tables, I have not even been able to get it into my report model (Would love any suggestions on that one, too.)
I'd appreciate any ideas or suggestions - even if only something to investigate. Thanks, Sarah
I have a question on the security model for MSRS 2005. I have been working with the permissions for the reporting server folders and reports at my company. Now it seems to me that I can let a user have access to a folder but they will not be able to see any reports that they do not have permissions to see. This would seem different from the Windows Security model where I can see an executable but not actually execute it. (ie. In MSRS the user would be able to see the report but not execute it)
Am I correct in this assumption or is there a way to allow the user to see the report but not execute it using the MSRS permissions.
I have posted this issue for a week, haven't got any reply yet, I posted it again and desperately need your help.
The article http://msdn2.microsoft.com/en-us/library/ms365343.aspx says: Model Item Security can be set for differnt security filters, but when I use SQL Server Management Studio to set Model Item Security, it seems "Permissions" property surpass "Model Item Security" property. -- My report server is using Custom Authentication.
For example, in "Permissions" property of the model, if I checked "Use these roles for each group or user account" without setting any user or group, no matter what users I added to "Model Item Security" with "Secure individual model items independently for this model" checked, NO one user can see the model on report manager and report builder;
in above situation, if I added "user1" and gave role such as "Browser" role to "user1" in "Permissions" property, if I checked "Secure individual model items independently for this model" in "Model Item Security" property, even I did NOT grant "user1" to root model and any entities under the model, the "user1" is able to access the model and all entities in report builder.
My question is on the same report model, how to set "AdminFilter" (empty security filter) for administrator permissions and set "GeneralFilter" (filtered on UserID) for general user based on their UserID?
The article also says:
"Security filters are always applied, even for users who have Content Manager or Administrator permissions to the model. To allow administrators or other users to see all rows of an entity on which row-level security is defined, you can create an empty security filter (which always returns True) and then use the filter to grant those users access to all the rows."
So I defined 2 filters "GeneralFilter" and "AdminFilter" for "Staff" entity for my report model "SSRSModel", I expect after I deployed the report model, the administrator users use report builder to build reports with all rows available, and the non-admin users can only see rows based on their UserID.
I can only get one result at a time but not both:
either the rows are filtered or not filtered at all, no matter how I set the "SecurityFilter" for the entity: I tried setting both "AdminFilter" and "GeneralFilter" for SecurityFilter at the same time, combination of "DefaultSecurityFilter" and "SecurityFilter", or one at a time.
I've used the Dec CTP of SQL 2005 SP2 to create a Report Server Project.
In this project, I can create an XML datasource and successfully use that datasource in a report published on Sharepoint using the new Sharepoint AddIn.
I've also used Dec CTP of SQL 2005 SP2 to create a Report Model Project.
In this project I can create SQL Data Sources, DataSource Views andReport Models which I deploy to sharepoint and create a report builder based report from.
What I can't do is create an XML based datasource in a Report Model Project. Also, if I create one solution containing both types of project, the Report Model Project Data Source Wizard suggests I can create a data source based on an existing data source in my solution. What I find is that my XML data source from the Report Server Project is not listed. In fact even if I create a SQL data source in the Report Server Project that isn't available either.
I am thinking of a possible design where the cube will never go offline.
Usually when I do some code changes on my cube the cube goes offline and I need to Full Process it again to get it back .
However , in cases where the cube is extremely critical for the business users , it would be great if I can deliver a solution where the cube never goes down.
When I launch Visual Studio 2005 and choose to start a new project...I expect to see "Report Model" as an available template (at least that is what my book says).
How can I install this?
Why is it missing? Is it due to the order of my installations? I installed RS first then Visual Studio.
I have built two perspectives in a cube. Let's say: Sales and Projects. When I open my cube in Excel 2007 and I choose to open the perspective 'Sales' I see all sales related dimensions and attributes. When I open the perspective Projects I see all projects related dimensions and attributes. So far so good...
But now I generated a report model from the cube. When I start reportbuilder I can choose between three perspectives, because the total cube is added as an perspective as well. Looks pretty good, and now I open the sales perspective, but...
I see al the entities in the model, even the ones from the 'projects' perspective! It doesn't have all the functionality though, but it is visible with all the entritbutes.
I hope somebody knows the solution to this problem. Thanks in advance.
I get the following error while processing a SSAS tabular model (2014) on a new server.The SSAS service on this server is running under a login which has access to the SQL server data sources. I tried changing the provider to OLEDB from SQLCLNI11 in the connection string but that doesn't work too. The error message isn't useful to debug further.
The cube processing succeeds on a different server. I scripted out the cube DB and ran it on the new server and am trying to process full but it fails with the following error.
Error Message: The operation failed because the source database does not exist, the source table does not exist, or because you do not have access to the data source.
More Details: OLE DB or ODBC error: A network-related or instance-specific error has occurred while establishing a connection to SQL Server. Server is not found or not accessible. Check if instance name is correct and if SQL Server is configured to allow remote connections.
For more information see SQL Server Books Online.; 08001; SSL Provider: No credentials are available in the security package
; 08001; Client unable to establish connection; 08001; Encryption not supported on the client.; 08001. A connection could not be made to the data source with the DataSourceID of 'd7a37dae-be87-44e0-a8b2-498069af82c9', Name of 'connection name'. An error occurred while processing the partition 'XXXX_460f3467-1a99-4dc9-aaf2-bcf3d54a5c4c' in table 'XXXX_460f3467-1a99-4dc9-aaf2-bcf3d54a5c4c'.
The current operation was cancelled because another operation in the transaction failed. The operation failed because the source database does not exist, the source table does not exist, or because you do not have access to the data source.
I am trying to learn building SSAS tabular model. While following a tutorial I need to add a column to an existing table but for some reason the ADD Column option (insert column in other menu is also not appearing) is greyed out.
We are working on implementing DAX formula(s) on our tabular model (SSAS 2012). When we tried to deploy the solution, deployment wizard giving us then below error:The given key was not present in the dictionary...I checked all the formula(s) that we recently implemented and all looks fine.
I'm working on a Tabular model at my job since the users have a requirement to query against a live data source. I've been looking online for clients that issue DAX as opposed to MDX to the model, but besides SSRS and Power View, I could not find anything else. Any other client side interfaces to a DirectQuery Tabular model?
I have a separate date dimension marked as Date table in Tabular Model and having proper relationship with another table(e.g SalesTable) with column of date type. But still time intelligence functions are not working. I am using the date column from other table (e.g SalesTable) in the formula. What exactly going wrong in our tabular model.
i would like to pose a question, when a user do a login in SSRS server,is it possible to pass the username to SSAS tabular, to implement security? I've tested using USERNAME() creating a role that relates USERNAME() with a dim user username, but now i need to implement it with the username used in SSRS server.
I need some sugestions from all of you about setting up security model in our SQL2000 box.
The server was setup using Mixed mode. However, all the applications (web and MS access) access the server using "sa" userid.
There are several databases in our server. Ex: (DB1,DB2,DB3,DB4 and DB5)
Application 1: need read/write access to DB1,DB2 and DB3 Application 2: need read/write access to DB5 Application 3: need read/write access to DB4 and DB3
Should I set up three userids and give them the dbo access to those database that they need to use?
I'm doing a BI project and I already develop the DataWarehouse and the OLAP Cube. Next step are the creation of a report using SQL Server Reporting Services.
I am used to use a query from Data Warehouse as the DataSet to implement the report. Is usual ou benefit to use the cube directly on report as DataSource?
I have two different roles, each one with a dax filter. One is for filtering users that access by Excel, and other for filtering users that access by Reporting Services, respectively:
To create only one role that serves Excel and Reporting Services users, is it viable to use only the || (OR) operator?, is there any other regard i should take?
I'm a bear with a very little brain. Please review the following story to see if I understand the concepts.
For the purposes of this exercise let's say that a database is used to control a building's HVAC (Heating, ventilation and cooling) system. It's installed by the HVAC vendor, who installs client software on the PC's in the building. This software allows the occupants of the building to alter the setting of the HVAC system. A young and foolish programmer/DBA - eager to show his mettle - accepts the responsibility of overseeing the system to make sure it works. What could go wrong? Easy money.
Given: A database that contains securable. (Tables, views, schema's etc).
By the second week, there is always someone complaining that it's too hot, too cold, too noisy (fans on too high). Everyone is setting their own settings. No one is happy - the only thing that they agree on is that the system doesn't work - and it's up to the less-young and less-foolish programmer/DBA to fix it.
Option #1: Create an Application Role (AIR_GOD) to control who can really write to the thermostat tables. This effectively blocks anyone who doesn't know the AIR_GOD password from fiddling. This password is only given to a carefully selected few.
Two weeks and fourteen passwords later:
Option #2: Create a fixed database role (AIR_GOD2) and drop only the selected few logins into it. (Our programmer is learning)
It helps. But since the users can access the whole thermostat-table - they end up setting each other's zones settings - sometimes by accident. Sometimes the values entered are insane.
Option #3: Create a Data Access Layer (DAL) Our programmer/DBA learns fast - he removes update rights to the thermostat-table from all users with a login. Now the only way to change a thermostat-table setting is through the stored-procedure(s) with the 'user without a login' impersonation. Values are checked before they're written etc.
Is that about right?
(Our story ends with the programmer/DBA growing older and wiser vowing never - ever - ever - to get involved with HVAC control systems again.)
I have a package that works fine locally but doesn't work when I deploy it to the server (and reset the connection strings to the local DB and AS instances that are running on the same server)It's not the usual permissions issue; I'm getting something about the SQL Browser not running (it is) and named instances. But my SSAS instance is the default unnamed instance?
The error message is "errors in the oledb provider. could not connect to the redirector. ensure the sql browser is running on the "." server" then another error with "error while retrieving name instance information".I've tried referencing the ssas server using its ip, ., hostname but the package craps out in a few sec
I've verified that the SSAS server is running and i can connect to it using ssms/tableau/excel etc.I've tried changing the service account of the sql browser to use local system.
If user want to see the grand total for a measure with include all members, even though the user has limited access for that member, so how we can do using DAX?For example, let’s say the total revenue for all the divisions in a cube is $15,000. You create a role called “Division A”, and set it up so members of that role can only see the revenue for Division A, which totals $3,000. If you use a front-end tool like Excel to access the cube and use the division hierarchy to see the total revenue, you will see the revenue of $3000 for Division A, but also want to see the Grand Total for the revenue as $15,000How we can achieve above scenerio in tabular model (DAX).
Is is possible to upgrade from 6.5 to 7.0 and have all the logins that have been granted the ability to make a trusted connection to 6.5 be created the same capability in 7.0?
When I did it the logins were created as standard logins in 7.0