Security and protection for analytics

Important

This content is archived and is not being updated. For the latest documentation, see Microsoft Dynamics 365 product documentation. For the latest release plans, see Dynamics 365 and Microsoft Power Platform release plans.

Applies To: Microsoft Dynamics AX 2012 R3, Microsoft Dynamics AX 2012 R2, Microsoft Dynamics AX 2012 Feature Pack, Microsoft Dynamics AX 2012

This topic explains the default security model for analysis cubes that are used with Microsoft Dynamics AX, and how you can customize that model to meet your needs.

Concepts

The default security model

Customizing security for cubes

Resources

Default Analysis Services roles

Grant users access to cubes

The default security model

Security for analysis cubes is set up independently from security for Microsoft Dynamics AX. To grant users access to cubes, you must assign the users to database roles in Microsoft SQL Server Analysis Services.

When you deploy the cubes that are included with Microsoft Dynamics AX, default roles are created in the database where you deploy the cubes. The following image shows some of these default roles.

Roles in Analysis Services

To set up security for the cubes, follow these steps:

  1. Review Default Analysis Services roles to learn more about the roles that are created in Analysis Services when you deploy the cubes that are included with Microsoft Dynamics AX.

  2. Assign users to the Analysis Services roles. For instructions, see Grant users access to cubes.

    Keep in mind that the members of a role have permission to view all data in the cubes that the role has access to. For example, if you assign a user to the Project supervisor role, the user has access to all data in the Project accounting cube.

Customizing security for cubes

The members of an Analysis Services role have permission to view all data in the cubes that the role has access to. To help restrict a role’s access to specific dimensions and cells in a cube, you can perform customizations. The following topics describe customizations that can help secure Microsoft Dynamics AX cubes:

The documentation for SQL Server also provides the following topics that explain how to help restrict a role’s access to specific dimensions and cells in a cube:

Warning

If you modify a default Analysis Services role that is provided by Microsoft Dynamics AX, you may accidentally prevent some members of the role from viewing reports and key performance indicators (KPIs) that those members were intended to view. For more information about the default roles that are included with Microsoft Dynamics AX and the cubes that the roles have access to, see Default Analysis Services roles.