AMO Security Classes

This topic contains the following sections:

  • Role and RoleMember Objects

  • Permission Objects

The following illustration shows the relationship of the classes that are explained in this topic.

Security classes in AMO covered in this topic

Role and RoleMember Objects

A Role object is created by adding it to the roles collection of the database, and updating the Role object to the server by using the Update method. A Role object has to be updated before it can be used.

To remove a Role object, it has to be dropped by using the Drop method of the Role object. The Remove method, from the roles collection, only prevents you from seeing the role in your application, but it does not remove the role from the server. A Role object cannot be dropped if there are any permissions associated with it.

A RoleMember object is created by adding a user to the members collection of the role and updating the Role object to the server by using the Update method. Only Server Administrators or Database Administrators are permitted to create roles. A Role object has to be updated to the server before any of its members is allowed to use any the objects to which the user has been granted permission.

To remove a RoleMember object, it has to be removed from the collection by using the Remove method of the collection, and then updating the role by using the Update method.

For more information about methods and properties available for these objects, see Microsoft.AnalysisServices.Role and Microsoft.AnalysisServices.RoleMember in the Microsoft.AnalysisServices.

Permission Objects

A Permission object is created by adding it to the permissions collection of the object and updating the Permission object to the server by using the Update method.

To remove a Permission object, it has to be dropped by using the Drop method of the object. The remove method, from the permissions collection, only prevents you from seeing the permission in your application, but it does not remove the Permission object from the server. A role cannot be deleted if there is any permission associated with it.

For more information about methods and properties available, see Microsoft.AnalysisServices.Permission in Microsoft.AnalysisServices.