Share via


Role Interface

Note

  This feature will be removed in the next version of Microsoft SQL Server. Do not use this feature in new development work, and modify applications that currently use this feature as soon as possible.

The Role interface supports the maintenance of user groups and security parameters. Users can be grouped according to common access permissions by using the Role interface.

Using Decision Support Objects (DSO), you can use role objects to set permissions on the following areas in Analysis Services:

  • Server

  • Database

  • Cube

  • Dimensions and members

  • Individual cube cells

Each role object also contains a collection for Command objects. The ability to create role-based commands is important for security reasons, and can also increase cube flexibility. You can customize the content of a cube to match the needs of individual users or entire groups.

In DSO, the objects that implement the Role interface have a ClassType property value of clsCubeRole, clsMiningModelRole, or clsDatabaseRole. The Role interface provides properties and methods to manipulate these objects.

Updating Security Information on the Analysis Server

Any changes you make to role objects are saved when any of the events listed in the following table occur.

Event

Description

Saving a cube or mining model

Using the Update method of a cube or mining model object sends the updated security information to the Analysis server (assuming the cube or mining model has been processed at least once).

Processing a cube or mining model

Processing a cube or mining model updates the security information on the server. All role configuration data is saved, regardless of the processing option specified with the Process method.

Saving a database role

Using the Update method of an object of ClassType clsDatabaseRole sets the default values for the affiliated cube role objects in the database. Any changes you make to this default role are not applied to the affiliated cube role or mining model role objects that have values overriding the default.

When you make a change to default permission settings on a database role and invoke the Update method on the role, DSO finds all cubes that still use the default permission settings and sends the new security permissions for these cubes to the server.

For more information about database and cube objects and how they relate to each other, see Introducing Decision Support Objects.