Security and protection for analytics
Important
This content is archived and is not being updated. For the latest documentation, see Microsoft Dynamics 365 product documentation. For the latest release plans, see Dynamics 365 and Microsoft Power Platform release plans.
Applies To: Microsoft Dynamics AX 2012 R3, Microsoft Dynamics AX 2012 R2, Microsoft Dynamics AX 2012 Feature Pack, Microsoft Dynamics AX 2012
This topic explains the default security model for analysis cubes that are used with Microsoft Dynamics AX, and how you can customize that model to meet your needs.
The default security model Customizing security for cubes |
The default security model
Security for analysis cubes is set up independently from security for Microsoft Dynamics AX. To grant users access to cubes, you must assign the users to database roles in Microsoft SQL Server Analysis Services.
When you deploy the cubes that are included with Microsoft Dynamics AX, default roles are created in the database where you deploy the cubes. The following image shows some of these default roles.
To set up security for the cubes, follow these steps:
Review Default Analysis Services roles to learn more about the roles that are created in Analysis Services when you deploy the cubes that are included with Microsoft Dynamics AX.
Assign users to the Analysis Services roles. For instructions, see Grant users access to cubes.
Keep in mind that the members of a role have permission to view all data in the cubes that the role has access to. For example, if you assign a user to the Project supervisor role, the user has access to all data in the Project accounting cube.
Customizing security for cubes
The members of an Analysis Services role have permission to view all data in the cubes that the role has access to. To help restrict a role’s access to specific dimensions and cells in a cube, you can perform customizations. The following topics describe customizations that can help secure Microsoft Dynamics AX cubes:
Scenario: Help prevent employees of one company from viewing cube data for another company
Scenario: Help secure cube data so that managers see only the data for their own team
Scenario: Mapping security in Microsoft Dynamics AX to Analysis Services
The documentation for SQL Server also provides the following topics that explain how to help restrict a role’s access to specific dimensions and cells in a cube:
Granting Dimension Access explains how to help restrict access to dimensions.
Granting Custom Access to Dimension Data explains how to help restrict access to dimension attribute members.
Granting Custom Access to Cell Data explains how to help restrict access to cell data.
Warning
If you modify a default Analysis Services role that is provided by Microsoft Dynamics AX, you may accidentally prevent some members of the role from viewing reports and key performance indicators (KPIs) that those members were intended to view. For more information about the default roles that are included with Microsoft Dynamics AX and the cubes that the roles have access to, see Default Analysis Services roles.