Is there a way how to restrict access to SSAS Cube by application?
I would like to have access only from "my application" and restrict all other application, like Excel.
Maybe add some special key in to connection string and then deny all connections without it on windows firewall? (but I can't find if this is possible, its just an idea)
Thank you.
n-tier architecture
Client Apps <== HTTP WS ==> Server Apps <=> SSAS
access to SSAS - only on the local network (from Server Apps).
The client application accesses the Server only through web-services
Related
So what I'm trying to accomplish here is basically just like an SQL server connection, I want to connect SSAS instance from another computer in the same network using a login account. Things I search online mostly deviates from this a lot at some point. What I need to know is what configurations should I do on SSAS services to enable this? How to crate a new login account (the system I am connecting from is not windows based so no windows authentication) and basically how to build connection string?
I have checked some documents of windows but mostly I am lost.
SSAS clients support NTLM, Kerberos, and (only with the data pump) HTTP Basic and Anonymous auth.
Of those Kerberos and HTTP Basic (with the data pump) are usable on non-Windows platforms. But I don't know if ADOMD.NET for .NET Core (the only non-Windows driver) supports Kerberos on non-Windows platforms.
We are currently investigating the viability of using OBIEE as the presentation tier for our BI solution (SQL Server 2012, using both the database and analysis services). IIS (which is utilized as a pass through for OBIEE to access SSAS via XMLA) is version 7.
When trying to import SSAS cube metadata into OBIEE, we are receiving "401 - Unauthorized: Access is denied due to invalid credentials". The connection from IIS to SSAS has been tested via Excel and established as working. Looking at the IIS logs, it appears that the username is not passed through when connecting via OBIEE, but is passed through when using Excel.
We have also tried using a local user to no avail.
Thanks in advance.
Undoubtedly there is a better solution, however, here is how I was able to get it to work.
Use anonymous authentication on IIS
Provide IUSR access to the cubes in question
Configure IIS to accept connections from the OBIEE server only, for
the XMLA pass-through site in IIS
Now, certainly less than ideal, but works.
I'm creating a new 'Analysis Services Tabular Project' in Visual Studio and the first thing VS asks is:
Select an Analusis Services instance to use while authoring tabular model projects.
I fill in the server and try Test Connecection, the error message I get is:
Cannot connect to server '[server name here]'. Reason: An error occurred while connecting to the server.
The problem is (I think) that the SSAS resides in another domain then my workstation. Is there a way to use other credentials when connecting to SSAS?
Or are there ways to analyse the 'error' in more detail?
If disabling the Firewall or opening the 2382 or 2383 port is not making any sense to make connection to the SSAS server then, there could be below issue. Which I have discovered by spending lot of time research.
To connect to SSAS, SSAS server must have a domain(active directory) installed on it.
The client machine from which you want to access the SSAS must have in the same domain of SSAS server.
If the SSAS server have a no domain, i.e. it is in the default domain (means in WORKGROUP) & the client machine is also in the "WORKGROUP". Then for making connection to SSAS, you have to create same user(with same password) on both the machine (on client & SSAS server). After that you have to add that user in the SSAS-Property-Security access. After that you have to login with the newly created user on the client machine & try for making connection to SSAS.
I have a sharepoint 2010 portal with some dashboards and reports. No I have a permission problem, because I cannot view these reports.
I would like to have a look in Reporting Services Configuration Manager, but I cannot connect to the server where sharepoint and SQL server is installed. I enter the server name and press on find. It gives me the following error:
Unable to connect to the Report Server MYSERVERNAME.
By the way, I try to fix this problem:
AccessDeniedException: The permissions granted to user
'Mydomain\MyUserAccount' are insufficient for performing this
operation.
First off, you probably want to be using SharePoint Central Administration, not RS Configuration Manager. Also, RS Configuration Manager isn't where you'd manage access to report objects.
That said:
Try remoting into the host machine and running the tool locally on the server.
Ensure the proper ports are open for you to be connecting remotely (and that they SHOULD be open - there are very valid security reasons to block them)
Are you 100% certain you're connecting to the right address? Is it possible the SSRS service itself is on a different machine than the Sharepoint service and the SQL server?
I'm trying to connect a web forms application to an SSAS Cube. The app is using web forms authentication and it is using web roles in Azure. The SSAS cube is on a Virtual Machine within Azure. There is no domain installed. The web app is using GrapeCity's Active Analysis control. When running the app i get the error "An existing connection was forcibly closed by the remote host". While profiling on the server I get an "Anonymous Logon" attempt.
How can I set this up?
SSAS uses Windows authentication only, so either:
1) You somehow get your web app's application pool to run under a windows account that can access the cube box (Sounds unlikely).
2) You have your application pool run under a windows account and create a windows account with the same username/password on the cube box, and assign it the permissions (Used to work, I think it still does).
3) You allow Anonymous Logon read permissions to your cube. I know you can do this at the server level (Dev enviroments..), I haven't tried it at the cube role level.
These are the ones I know of, best of luck.
EDIT: Sorry, thought I'd forgotten one, there is basic authentication if you add IIS as an extra layer, you have to set it up to go via the MSDMPump.dll, full explanation here: http://msdn.microsoft.com/en-us/library/gg492140.aspx