SSAS 2005 security policy

2010-01-07
2013-05-20
  • Sandeep Giri

    Sandeep Giri - 2010-01-07

    Hi,

    I read your article about security roles architecture (http://wiki.openi.org/architecture).
    I read "For example, a user may only see the specific subset of the cube data as permitted by the OLAP security rules for their login."
    Configuring connection to msmdpump.dll with XMLA.
    It seems that there is no way to pass, in the XMLA call, any credential.
    We use the same msmdpump.dll url to access cubes with Excel, and any user is prompted for username and password.
    Is there any way to get the same behaviour in open-i?

    Thank you in advance.

    Andrea

     
  • Sandeep Giri

    Sandeep Giri - 2010-01-07

    Andrea

    There's a way to do this. Our team's done this with limited success in a PoC, but later didn't include it in OpenI because of the complexities involved because it requires writing custom code. However, the general idea is:

    * Ensure that the login credentials used by the user are also valid for accessing the XMLA server. In the Microsoft world, this can be achieved by having Active Directory as your authenticating server for OpenI
    * This way, once the user logs in, you have security credentials that can also be used to connect to XMLA server
    * Configure the XMLA server to accept these logins, this is done in IIS
    * You will have to customize the code that initiates connection to XMLA server. The default behavior (or the only behavior available today, I should say) is to open an anonymous connection to the XMLA server. You will need to modify this code to use the logged in user's security credentials to initiate the XMLA connection (instead of being anonymous)
    * As far as cube data security partitioning - that's all done within SSAS 2005

    Hope this helps. I'll see if our engineer who worked on this has more details to add.

    Sandeep
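
The connection change described in the reply above, sketched as an added example (not OpenI's code and not posted by anyone in this thread): an XMLA Discover request that carries the logged-in user's credentials instead of connecting anonymously. It assumes IIS has Basic authentication enabled over HTTPS for the msmdpump.dll endpoint; the function names, URL, account and catalog are hypothetical.

```python
import base64
import urllib.request
from urllib.parse import urlsplit
from xml.sax.saxutils import escape

# XMLA Discover envelope; RequestType and Catalog are filled in per call.
DISCOVER_ENVELOPE = """<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <Discover xmlns="urn:schemas-microsoft-com:xml-analysis">
      <RequestType>{request_type}</RequestType>
      <Restrictions><RestrictionList/></Restrictions>
      <Properties><PropertyList><Catalog>{catalog}</Catalog></PropertyList></Properties>
    </Discover>
  </soap:Body>
</soap:Envelope>"""


def build_xmla_discover(url, username, password, catalog,
                        request_type="MDSCHEMA_CUBES"):
    """Return an XMLA Discover request that runs as the logged-in user."""
    if urlsplit(url).scheme != "https":
        # Basic auth is only base64-encoded, so never send it in clear text.
        raise ValueError("per-user XMLA credentials require an https:// URL")
    if not username or password is None:
        # Fail closed instead of silently falling back to anonymous access.
        raise ValueError("no credentials for the logged-in user")
    token = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
    body = DISCOVER_ENVELOPE.format(request_type=escape(request_type),
                                    catalog=escape(catalog)).encode("utf-8")
    return urllib.request.Request(url, data=body, method="POST", headers={
        "Content-Type": "text/xml; charset=utf-8",
        "SOAPAction": '"urn:schemas-microsoft-com:xml-analysis:Discover"',
        "Authorization": "Basic " + token,
    })


def send(request, timeout=30):
    """Send the request; SSAS applies the user's role-based cube security."""
    with urllib.request.urlopen(request, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


# Constructed sample values, not taken from the thread.
SAMPLE_URL = "https://olap.example.com/olap/msmdpump.dll"
SAMPLE_REQUEST = build_xmla_discover(SAMPLE_URL, "EXAMPLE\\andrea",
                                     "constructed-password", "Sales & Ops")
```

With Integrated Windows authentication in IIS instead of Basic, the Authorization header would have to come from a Negotiate/NTLM handshake, which this sketch does not cover.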

     
