I am developing SSAS cubes for a customer. Now I am developing on my PC in my company' domain. Is it possible to define roles and security options based on my customer's domain and active directory groups?
Thanks
Yes, if you cannot add them through the designer, it is possible to edit the source XML files of your AS project. Roles are saved in your solution directory in files with the '.role' file extension.
Modify the members of your role using this XML construct:
<Members>
<Member>
<Name>Domain\GroupOrUserName</Name>
</Member>
</Members>
It might also be a good idea to predefine your roles, but let your server administrator/DBA add members to them in production.
Afterwards, you can deploy new versions of your SSAS database while retaining the security settings on your cube through Analysis Services Deployment wizard.
Related
Have a business requirement to prevent development users from being able to access production and integration MFP environments; However, they can retain full access to the test environment.
Currently have the following Active Directory security groups configured for the production environment:
mfpadmin
mfpdeployer
mfpmonitor
mfpoperator
mfpanalytics_administrator
mfpanalytics_infrastructure
mfpanalytics_support
mfpanalytics_developer
mfpanalytics_business
mfpappcenteradmin
mfpappcenteruser
Within the server.xml file there is an LDAP connection and then a section defining security roles. These AD group names are reflected in the security role section. To fulfill the requirement above, one may presumably creates new active directory security groups similar to the ones listed above (something like mfpadmin-test, mfpadmin-int), add development users to these newly created test groups, e.g., mc-admin-test, remove these same users from the groups defined for the production environment, e.g., mfpadmin, and update the appropriate server.xml file.
Is there anything inside of the specific applications (Admin, Analytics, AppCenter) that one needs to do to further restrict access?
Is there anything needed to be done with the war file?
Is there anything inside of the specific applications (Admin, Analytics, AppCenter) that one needs to do to further restrict access?
(A) No just defining the right security roles should be sufficient
Is there anything needed to be done with the war file?
(A) No , nothing to do with the war file.
mfpadmin,mfpdeployer,mfpmonitor, and mfpoperator are the default security roles defined by Mobilefirst. The same security roles will need to be defined for your test and integration environments. These security roles can in-turn be grouped to the right groups i.e
mfpadmin-test, mfpadmin-in etc.
Is it possible in any of the existing LDAP servers to edit a schema in one of the editors available? Like JXplorer, Apache Directory Studio, LDAP Admin?
I tried with OpenLDAP and all of the above tools (I run the server with -F option) but it looks like it's not possible to modify schema - add new attributes, add descriptions etc.
I would be grateful if any of you have some experience with this.
Cheers
Some LDAP servers allow (authorized users) to change the schema by sending LDAP modify operation affecting the so-called subschema subentry directly, but not OpenLDAP.
In OpenLDAP you have two possible configuration methods:
Static file configuration usually with schema files being simply included (aka slapd.conf) which requires slapd to be restarted to make configuration changes effective
Dynamic configuration backend back-config (aka cn=config) for which you can also define ACLs restricting access to your LDAP admins
The dynamic configuration method allows to tweak the schema via LDAP making it effective without server-restart. But you have to modify the multiple LDAP entries in sub-tree cn=schema,cn=config which you can do with any generic LDAP client.
Since schema descriptions usually reference other schema descriptions the order is important. Standard LDAP does not know about order of entries beneath an entry or order of attribute values. Therefore OpenLDAP implements an extension specified in draft-chu-ldap-xordered.
What is the purpose of datasync project in weblogic project?
What is *.evt, *.req, *.usr files?
There is a good explanation on the docs about datasync. Basically it is a webapp used to copy data across from one weblogic server instance (actually from it's database) to another. Example - copying all the data from production to test instances.
*.evt, *.req, *.usr files are XML format files used in Weblogic Portal applications.
EVT files are event files which can be triggered at any user interaction with the Portal. This is mainly used for capturing user behaviour and firing any rules, an example is a
campaign fired for specific users.
REQ files define the HttpRequest attributes
USR files define UserProfile attributes
I have a Reporting services project that has a number of reports in the the report folder and a Live, Test and Dev data source in the Shared Data Source folder.
I have set up the solution configurations to deploy to different folders on the server based on the config (eg. debug -> dev).
My problem is that i need the reports in the dev folder on the server to use the dev datasource, the test reports to use the test datasource and the live reports to use the live datasource.
What is the best approach to take?
Put the datasources in different folders too.
You can configure the RS project datasource folder as well as for RDLs, so you can keep the same name for the datasource.
I would recommend that you create a reporting site per environment with the same folder structure and use data sources with the same name in all three places pointing to the appropriate database.
We have a traditional UV account. Data files in one directory, application programs & subroutines in another directory. Our latest projects is implementing JDBC and in order to fully access the subroutines from java, I belive I need to create a schema on the existing uv account.
How can I do this? I tried logging in as uvadm and create a schema. Get the following error:
CREATE SCHEMA TEST;
UniVerse/SQL: "uvadm" is not an SQL user.
Can anyone help?
They're both admin, per the docs, but a UniVerse Admin is simply someone who has r/w perms on the underlying files used in creation (uvadm and/or root).
Who Is a UniVerse Administrator?
To
perform most administration tasks, you
must be logged on as a UniVerse
Administrator. On UNIX systems,
UniVerse administrators must log on as
root or as uvadm. On Windows systems,
UniVerse administrators must log on as
a member of the Administrators group.
You can then use UniVerse Admin and
UniVerse administration commands to
perform UniVerse administration.
However, a UniVerse SQL admin is the person who has read/write permissions on the CATALOG. If you can't create a catalog it is probably because you don't have r/w perms on the directory you're in, because the catalog is just a file.
When you installed UniVerse, who did you say the owner of uvsql is - uvadm or root? The only way I know to resolve this problem is to go through a reinstallation to allow answer uvadm so all the files within SQL will be setup and cataloged properly.