Security for OLAP data is set up independently from Microsoft Dynamics AX.
User access to objects such as cubes, dimensions, and mining models within an instance of Analysis Services is granted through membership in one or more database roles.
About database roles
Analysis Services administrators can create database roles, grant read or read/write permissions on Analysis Services objects for these roles, and add Microsoft Windows users and groups to the roles.
See the Analysis Services documentation, available on MSDN, for detailed information about roles and security best practices.
Predefined cubes included with Microsoft Dynamics AX
Microsoft Dynamics AX provides predefined cubes and predefined database roles for these cubes.
To enable users to access the predefined cubes, you must:
-
Restrict the database roles to specific companies
-
Assign users to the database roles
Restrict the database roles to specific companies
By default, the predefined roles have access to OLAP data in all companies. Complete the following procedure to restrict database roles to specific companies.
-
In SQL Server Management Studio, connect to the instance of Analysis Services.
-
In the tree view, expand the Rolesnode for your OLAP database.
-
Right-click the role for which you want to restrict access. Click Properties. The Edit Role - <Role Name>form is displayed.
-
In the Select a Pagepane, click Dimension Data.
-
From the Dimensionlist, select Dynamics AX.Company.
-
Select the check box for each company the role should have access to. Clear the check box for each company the role should not have access to.
Assign users to database roles
Complete the following procedure to assign users to the predefined database roles.
-
In SQL Server Management Studio, connect to the instance of Analysis Services.
-
In the tree view, expand the Rolesnode for your OLAP database.
-
Right-click the role you want to add users to. Click Properties. The Edit Role - <Role Name>form is displayed.
-
In the Select a Pagepane, click Membership.
-
Add the appropriate users to this role.