I have got a SSAS Cube, we have written an windows application which would issue MDX queries to access the data from the cube and show it in the reports .
This windows application is a licensed application, meaning only those who have got license from us could be able to run the application and then could be able to access the data from the cube.
The problem we are having is what some unlicensed users tries to access our cubes through other cube browser application like Excel.
so we are generally wondering how to protect the cubes and data present in the cube so that only who has got license to our application could be able to access.
Could anyone please advise that how to give this type of security to SSAS database?
Best Answer
If your users succeed to connect to the cube with their domain users, than the server permission is too lax.
The security model of the SSAS is actually build around Windows authentication (using Windows logins). In Management Studio, right click on the SSAS server -> Properties -> Security. You'll see there who is an administrator of this instance of SSAS. All logins here will be able to do everything they want (process the cube, browse the database, backup, script..whatever).
If you want to limit the permissions, you have to go further and create roles within your SSAS db. There you'll grant whatever privileges you need for the application.
Please see further details in the following answer (and especially in the references section).
But if some server administrator is granting admin permissions to another user, you can't really do much. There was a very good advice in another question (regarding obfuscation of DB code), this should be part of the licensing process and the EULA. If the users break it, you can at least sue them.