Security and protection for analytics [AX 2012]
Updated: July 15, 2014
Applies To: Microsoft Dynamics AX 2012 R3, Microsoft Dynamics AX 2012 R2, Microsoft Dynamics AX 2012 Feature Pack, Microsoft Dynamics AX 2012
This topic explains the default security model for analysis cubes that are used with Microsoft Dynamics AX, and how you can customize that model to meet your needs.
Security for analysis cubes is set up independently from security for Microsoft Dynamics AX. To grant users access to cubes, you must assign the users to database roles in Microsoft SQL Server Analysis Services.
When you deploy the cubes that are included with Microsoft Dynamics AX, default roles are created in the database where you deploy the cubes. The following image shows some of these default roles.
To set up security for the cubes, follow these steps:
Review Default Analysis Services roles to learn more about the roles that are created in Analysis Services when you deploy the cubes that are included with Microsoft Dynamics AX.
Assign users to the Analysis Services roles. For instructions, see Grant users access to cubes.
Keep in mind that the members of a role have permission to view all data in the cubes that the role has access to. For example, if you assign a user to the Project supervisor role, the user has access to all data in the Project accounting cube.
The members of an Analysis Services role have permission to view all data in the cubes that the role has access to. To help restrict a role’s access to specific dimensions and cells in a cube, you can perform customizations. The following topics describe customizations that can help secure Microsoft Dynamics AX cubes:
The documentation for SQL Server also provides the following topics that explain how to help restrict a role’s access to specific dimensions and cells in a cube:
Granting Dimension Access explains how to help restrict access to dimensions.
Granting Custom Access to Dimension Data explains how to help restrict access to dimension attribute members.
Granting Custom Access to Cell Data explains how to help restrict access to cell data.
If you modify a default Analysis Services role that is provided by Microsoft Dynamics AX, you may accidentally prevent some members of the role from viewing reports and key performance indicators (KPIs) that those members were intended to view. For more information about the default roles that are included with Microsoft Dynamics AX and the cubes that the roles have access to, see Default Analysis Services roles.
Announcements: To see known issues and recent fixes, use Issue search in Microsoft Dynamics Lifecycle Services (LCS).