Report Portal

Local cubes password protection

Describes how to protect local cubes with password

Analysis Services security model was already considered as best among OLAP servers by OLAP Report. Analysis Services 2005 introduced even more security features. But usually we talk about server specific security features, such as fine grain administration permissions, transposrt encryption, stored procedures sandboxes and impersonation modes, default Negotiate SSPI for authentication etc. However, none of these features really apply to the local cubes. Indeed, while it is possible to create local cube with roles and dimension and cell permissions in it - they don't mean anything, because anybody who has access to the local cube is in reality administrator, since he has physical access to all the data. So the only method of protection for local cube files - is the ability to protect the entire file with password - the method successfully employed by Office for many years. This has been long standing feature request by users since OLAP Services 7.0 introduces local cubes, and Analysis Services 2005 supports it. The way this feature is implemented, is, of course, through the connection string property ! However, for the reasons that I don't want to get into right now, the standard OLEDB property "Password" is not used for that purpose (it is used for transport authentication, either HTTP Basic or TCP/IP Integrated), but a new connection string property "Encryption Password".should be used instead.Whenever this property is used on the connection to the local cube, it is encrypted and decrypted using the symmetric key derived from the password. The exact steps are outlined below

Read more...

Tags: local cube

 

2007-2015 VidasSoft Systems Inc.