简体繁体 English

SSAS表格多维数据集-odbc连接-根据观点限制用户的访问/可见性？

[英]SSAS Tabular Cube - odbc connection - restricting users access/visibility based on perspectives?

原文 2018-08-22 21:51:18 0 1 odbc/ ssas/ tabular/ ssas-tabular/ perspectives

We have a rather large ssas based tabular cube which our organization uses and I managed/administer. 我们有一个相当大的基于ssas的表格多维数据集，我们的组织使用该表格多维数据集，并且由我进行管理。 Users can connect to it via an odbc connection in an excel sheet to pull fields and create reports by using a pivot table. 用户可以通过excel工作表中的odbc连接来连接它，以通过使用数据透视表提取字段并创建报告。 Management wants to streamline the fields though so that certain users can only see certain fields. 管理层希望简化这些字段，以便某些用户只能看到某些字段。 I know I can use perspectives to do this however all this does is allow the users to select a perspective to view and subsequently it'll show them whatever fields/tables I have set that perspective to show. 我知道我可以使用透视图执行此操作，但是所有这些操作是允许用户选择一个透视图进行查看，随后它将向他们显示我设置该透视图所显示的任何字段/表。 What I'm trying to do is limit each users access so that each user has limited access to what perspective they can view. 我想做的是限制每个用户的访问权限，以便每个用户只能限制他们可以查看的视角。 For example, a new employee would have basic access, someone who's been with the company a long time would have be considered a power user and would have a perspective with more access. 例如，新员工将具有基本访问权限，而在公司工作了很长时间的某人将被视为超级用户，并且具有访问权限更大的视角。 Is there any way using either perspectives or roles in ssas to limit their access when they connect via an odbc connection? 通过odbc连接进行连接时，是否可以使用ssas中的观点或角色来限制其访问权限？ Maybe through active directory? 也许通过活动目录？

1 个解决方案

Have you considered row level security? 您是否考虑过行级安全性？ You could create roles corresponding to each level of access needed and implement filters on rows/tables using DAX. 您可以创建与所需的每个访问级别相对应的角色，并使用DAX在行/表上实现过滤器。 For example, create a New Employee Role with Read permission. 例如，创建具有读取权限的新员工角色。 In the Role Manager window (Model > Roles...) add filters on which ever tables you want to restrict for that role, a basic example would be =FALSE() as the DAX Filter to restrict the entire table from that role. 在“角色管理器”窗口（“模型”>“角色...”）中，添加要针对该角色限制的表的过滤器，一个基本示例将是=FALSE()作为DAX过滤器，以限制该角色对整个表的限制。 Of course you can also add further granularity at the column and row levels. 当然，您还可以在列和行级别添加更多的粒度。 Just keep in mind that any tables which are restricted will have the security filter propagated in the one-to-many relationship direction to tables in which it shares a relationship with, ie a fact table will be filtered by a restricted dimension as it's on the many side of the one-to-many relationship. 请记住，任何受限制的表都将具有沿一对多关系方向传播到与其共享关系的表的安全性过滤器，即事实表将按照限制维度进行过滤，因为它位于一对多关系的许多方面。