|Microsoft BI with Constrained Kerberos Delegation|
|Written by Rob Kerr|
|Monday, 19 May 2008 13:53|
In a Microsoft BI environment, we very often want to grant data visibility permissions at the datebase level. The most common way to accomplish this is to use Kerberos delegation.
In Active Directory, delegation comes in two flavors: Constrained and Unconstrained. Constrained delegation provides an enhanced level of security for deployments where Kerberos delegation is used to pass end-user credentials to back-end services.
In an unconstrained delegation configuration, servers and service accounts are trusted to send Kerberos tickets to any service on any destination computer. This typically isn’t a problem, since administrators know what their service accounts are used for, and what software is installed on their servers.Read more...
Latest Author Articles
- Video - Using DAX to count what's not there #msbi #powerpivot
- Set of videos about Analysis Services tabular
- Video - Automating cube processing
- SSAS MDX Measures on Rows in SSRS
- Pattern for Displaying SSAS Cube Last Processed Date to Excel users (SSAS 2008R2)