Is there anyone who has an idea how i can log user access in SSAS and Power Pivot?
The problem we face that we need to keep track of who is accessing what. it is not enough to save the question when the result set changes over time (SELECT * ... does not result in the same today as yesterday), so the whole or parts result set need to be logged. I can imagine that it is possible to solve for reports created in SSAS, as it is being in a SQL server. Power Pivot and self-service BI, I'm more thoughtful about how it should be done.
If your Power Pivots are stored in a BI-enabled SharePoint site then those Power Pivot workbooks are effectively on a regular SSAS tabular server also. So any logging that you can put in place for an SSAS tabular database you could probably adapt for PowerPivot workbooks. But in the SharePoint SQL Server instance you will also find a database called DefaultPowerPivotServiceApplication[GUID]. In this database you will have a table called [Usage].[Requests] that records who access what file and when.
Related
I work in my companies small IT department. I have been creating automation via VBA in Excel to pull data from SQL and put it into Excel, then dynamically format and summarize the data. The issue I am running into is the IT department does not want to give anyone outside the IT department SQL Read-Only Access. They view SQL as a privilege not a right...even if it is only Read-Only. They claim security reasons.
Just to be clear, we are NOT installing SQL on these peoples' computers nor do they have the technical understanding on how to write queries. Also, they can already view all the information on the front-end website.
I currently have to specify which database and which tables they can have access to and it takes about 1-2 weeks to give them access (they drag their feet doing the requests).
I am not trying to vent, I am actually wondering do they have a legit concern about security and is this actually a best practice on their part?
The worst thing that could happen is a user knows just enough to connect MS Access to the database, write some poor queries, and grind everything to a halt. You should always have non-IT users access data in a safe, structured way. Especially if this database is a transactional one, and not a reporting database.
Sure, they can access all the data per business process. So then, create a nice, safe query to read all the data and dump it to Excel - if that's what the users want.
Otherwise, IT-created queries - preferably in Stored Procedures - should be reading the data and presenting it to the users.
So it's not a security issue per se. It's more an issue of "we don't want non-IT users getting crafty and bringing down the database with poorly written queries."
I believe the connection properties to the SQL server is embedded in your VBA code, as long as the code is not visible to the user then there is no way they can query the SQL server directly.
Sounds like you need an SQL read only service account which you can use for Query connections. Create an Excel data connection that has the security details to connect to SQL, then your VBA hooks into that data connection.
I finally decided to ask this (after a lot of google searching):
So we use Power BI for data visualization and thus in it are some calculated dashboards / data outputs which are used to monitor data quality etc. I want to be able to historical log these results so that over-time we can monitor progress i.e. was data quality improved. This is the end of the initial problem.
One approach to this problem was to connect to PowerBI from the MS-SQL side - hoping we can then set timed triggers to do the log by READING THE POWER-BI DASHBOARDS: So how do I query that (I have already developed a method to determine the connection using the Power-BI port as described here:
EXPORTING DATA FROM POWER BI DESKTOP TO MS-SQL
This is a screenshot from one of my MS-SQL connections through "Analysis Services":
I am assuming the objects named like "LocalDateTable_" are the actual BI analysis I want to query. "New Query" is an MDX type of Query. Should I go this route for my problem (logging powerbi analyses)?
At first this sounds crazy but on reflection I guess it was only a matter of time, and a sign of the maturity of Power BI solutions ...
I would use the SQL Server Profiler to capture the queries generated while you use your dashboard & report.
https://insightsquest.com/2017/05/07/profiler-trace-for-power-bi-desktop/
Then I would build an SSIS package to run the MDX queries and deliver the datasets to SQL Server, with extra columns e.g. StartTime.
I was wondering if anyone can help. I have started a new job for a firm where they are looking to create BI reports for clients. The clients have the server on their site. We have access to only query the data, but not allowed to create tables, stored procedure etc.However we are allowed to create temporary tables.
I am looking to create an SSRS report for the client but at the same time want hide the SQL from them to prevent them knowing how the reports are built.
Is there a way to create a self service bespoken report which I can deploy for them but keep the SQL hidden from them, despite them having the server on their site and them having admin access to the sql server box and SSRS reporting server?
Any advice on best handling this tough situation will be greatly appreciated!
For the purposes of this answer I am ignoring any ethical issue with this question.
Short Answer:
There is no way of doing this with SSRS and your restrictions on the client database.
Long Answer:
SSRS reports are stored as a .rdl file on your clients reporting server. This is basically easily readable XML which will allow anyone with an interest to view the report definition.
If the report definition also contains the dataset SQL (SELECT secret_sql FROM table) then the client would have:
The definition of the report, in order to be able to modify it.
The definition of the dataset, in order to modify it or apply it to another report they design.
Your only chance would have been to obfuscate your SQL on the actual SQL Server (WITH ENCRYPTION) however
You state you're not allowed to do it
The client may be able to either decrypt or using SQL Profiler detect the SQL you are running and therefore capture it for reuse.
I have a SQL Server 2008 Data Warehouse Cube (SSAS), we are trying to push this to replace our "flat file extracts" that we currently use.
When our users connected to our SSAS Server using Excel they get the PivotTable, is there a way to allow the users to create their own calculated members from Excel? Some users want to make their own calculations that are not pre-defined in SQL Server...
Is this possible? Or must all calculated members be predefined on the Cube's calculations tab?
Thanks.
I don't quite understand this part of your problem statement...
I have a SQL Server 2008 Data Warehouse Cube (SSAS), we are trying to
push this to replace our "flat file extracts" that we currently use.
...but for adding calculated members in excel, check this out. I believe the functionality (to add calculated members) is native to Excel (2007+), but this add-in should has a few other bells/whistles that should prove useful if your users are savvy enough to be needing this type of functionality in the first place.
I was trying my hands on building Cubes using AdventureWorksOlap database. I successfully build what I was trying to do. Now my concern is that I want to deploy the cube to a server so that rest of the team members can use this cube as a datasource while generating their SSRS reports (might be some other tools).
I have heard that SSAS does not allows Sql Authentication. So,
1) how will the members access the cube?
2) What authentication changes do I need to incorporate?
3) How can the other developer using his computer's SSMS access the cube and make changes to it (just like we can do it in the OLTP database)?
4) I need to prepare a dashboard using this cube. Any suggestions on this one.
Thanks in advance.
1) Windows Authentication
2) none.
3) Once the cube is deployed you cant change it. Actually you can change some things like partitions and roles, but you cant add a dimension for example. You need to change the project on BIDS and redeploy it
I would recommend starting with Excel Pivot Tables to learn what type of dashboard you will want to create. By working with the end-users, you can understand what information they want/need to see.
Regarding security, as mentioned, by design cubes use Windows auth only. Here's a blog that talks about circumventing standard security.
Also, I have posted a series of videos on how to create OLAP cubes SSAS in SQL Server 2008 using BIDS. You may find this series helpful.