Configure Roles for Data Restrictions
Use this option to restrict which data users or groups can access or view through reports and dashboards.
Limitations
Note the following limitations when configuring object-level restrictions in the OLAP database:
- The restrictions configured will not be applied to SQL Server Analysis Services server administrators.
- The restrictions configured will not be applied to the Analysis Server service account.
- Restricted users should not be included in roles with Full Permission.
  NOTE: Members of roles with Full Permission have full privilege to access the OLAP database and server.
- The Open iT Reporting Services data sources should use either:
  - Windows Integrated Security
  - Credentials supplied by the user running the report
  (Figure: Configuring Role SSRS Credentials)
- The restricted role must have at least Read permission to the OLAP Applications cube.
- Avoid including users in multiple roles to prevent conflicts in restrictions. If a user belongs to multiple roles, all the allowed properties in each role will be visible to the user.
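The following script is an added example, not part of the Open iT product or its documentation. It audits a role-membership export against two of the limitations above: restricted users who are also in a Full Permission role, and users in several restricted roles whose allowed data is combined. The role names, accounts, attribute values and the dictionary layout are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data: role names, members and allowed attribute members
# are hypothetical, not taken from a real Open iT installation.
ROLES = {
    "FullAccess": {"full_permission": True,
                   "members": {"CORP\\alice"}, "allowed": set()},
    "EMEA-Readers": {"full_permission": False,
                     "members": {"CORP\\bob", "CORP\\carol"},
                     "allowed": {"Site=London", "Site=Paris"}},
    "APAC-Readers": {"full_permission": False,
                     "members": {"CORP\\carol", "CORP\\alice"},
                     "allowed": {"Site=Tokyo"}},
}


def audit_roles(roles):
    """Return, per user, the effective allowed data and any rule violations."""
    by_user = defaultdict(list)
    for name, role in roles.items():
        for user in role["members"]:
            by_user[user].append(name)

    report = {}
    for user, names in by_user.items():
        names.sort()
        full = any(roles[n]["full_permission"] for n in names)
        restricted = [n for n in names if not roles[n]["full_permission"]]
        # Multiple roles: the user sees everything that any of the roles allows.
        effective = set().union(*(roles[n]["allowed"] for n in restricted))
        findings = []
        if full and restricted:
            findings.append("restricted user is also in a Full Permission role")
        if len(restricted) > 1:
            findings.append("member of multiple restricted roles; allowed data is combined")
        report[user] = {"roles": names, "unrestricted": full,
                        "effective": effective, "findings": findings}
    return report


if __name__ == "__main__":
    for user, entry in sorted(audit_roles(ROLES).items()):
        print(user, entry["roles"], sorted(entry["effective"]), entry["findings"])
```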
Configuring Data Restrictions
To set object-level roles in the OLAP cube:
- Choose the role to configure.
- Click the Configure button.
  A Configure Role dialog will appear.
- Choose among the available Dimensions.
- Choose among the available Attribute Hierarchies under the selected dimension.
- Choose from the following options for selecting data:
  - Select All - to allow role members to access the dimension and attribute data.
  - Deselect All - to deny role members access to the dimension and attribute data.
  NOTE: Read the instructions provided under the option carefully.
- Click Update to apply changes.
  A confirmation message will appear.
  (Figure: Configuring Role Data Restrictions)
- Click OK.
Verifying Data Restrictions in Reporting
After configuration, the restrictions will immediately take effect in ad hoc reporting using the following tools:
- SQL Server Reporting Services
- Microsoft Excel
Access the reporting tool as the restricted user to see the effect.
The configuration is not applicable in Analysis Server - Analysis page reporting.
Verifying Data Restrictions in Real-time Dashboard
Activate the role-based data display on the License Monitor Portal to apply the configuration in the real-time dashboard.
If the configuration does not immediately take effect, run the command OpeniT.Server.Etl.Console.exe UpdateRoleGroups using the Analysis Server console application. See the section UpdateRoleGroups for detailed instructions.