Presentation is loading. Please wait.

Presentation is loading. Please wait.

AS Introduction and OLAP Security - Agenda Analysis Services (SSAS) and Microsoft BI stack Analysis Services feature areas Whats new in SQL Server 2008.

Similar presentations


Presentation on theme: "AS Introduction and OLAP Security - Agenda Analysis Services (SSAS) and Microsoft BI stack Analysis Services feature areas Whats new in SQL Server 2008."— Presentation transcript:

1 AS Introduction and OLAP Security - Agenda Analysis Services (SSAS) and Microsoft BI stack Analysis Services feature areas Whats new in SQL Server 2008 SSAS Analysis Services Security Architecture Custom Data Security – static and dynamic Demos using Adventure Works OLAP cube

2

3 Unified Dimensional Model Integrating relational and OLAP views Pro-active caching Bringing the best of MOLAP to ROLAP Advanced Business Intelligence KPIs, MDX scripts, translations, currency… Web services Native XML/A

4 Get to heterogeneous data? Combine it & understand it? Easily navigate through it? Consume it as business metrics? Explore it interactively? Get consistent information? Gain unique insight into it? Gain competitive advantage? Align around common goals? Do it all without disturbing the operational systems? DW Datamart Dashboards Production Reports BI Front Ends Spreadsheets Ad-Hoc Reports LOB DW Datamart SQL Server Teradata Oracle DB2 How do users:

5 DW Datamart Dashboards Production Reports BI Front Ends Spreadsheets Ad-Hoc Reports LOB DW Datamart SQL Server Teradata Oracle DB2 XML/A or ODBO UDM Analysis Services Cache

6 DW Datamart Dashboards Production Reports BI Front Ends Spreadsheets Ad-Hoc Reports LOB DW Datamart SQL Server Teradata Oracle DB2 XML/A or ODBO UDM Analysis Services Cache Excel Visio Excel Server Sharepoint Project Server RS Report Designer RS Report Builder Biztalk BSM 2005 MBS Performance Point VS Burton Business Objects Cognos SPSS Proclarity Panorama Outlooksoft GEAC MIS AG 100s other vendors

7 One Version of the Truth Performance Advanced analytics

8 One Version of the Truth Performance Advanced analytics One way to get to all enterprise data sources Common, user friendly, business terminology Central repository of sanctioned enterprise business logic One set of key business metrics and goals Consistent, easy, user experience with the data One version of business information, available in every client tool or application =UDM

9 DSV - Access and combine heterogeneous data sources One Click Cube wizard – auto build a cube from a relational schema Complex schemas - multiple fact tables, new dimension relationships, many-to-many dimensions Attribute based dimensions - full wealth of stored data, reporting Translations - native experience in any language Perspectives – custom views of the business data model Advanced BI – time intelligence, financial intelligence, semi-additive measures MDX Scripts – new language, debugger KPIs – central scorecard repository Actions – new reporting action, multiple drill-through action XML/A access – one version of truth in hundreds of BI tools

10 Many-to-Many Dimensions Many-to-Many dimensions Provide immense value in modeling real world Handle many interesting scenarios Can cause performance problems -As bridge table grows -As cascading of M2M relationships grows Many-to-Many Design Patterns Many-to-many dimensional modeling paper Optimization techniques Create aggregations to support M2M model Partition measure groups to support M2M model Matrix optimization technique

11 One Version of the Truth Performance Advanced analytics Enable ad-hoc, dynamic, exploratory experience with the data Isolate back-end sources from exhaustive users queries Automatically synchronize =Proactive Caching

12 Analysis Services RDBMS MOLAP cacheUpdateMDX UDMEvents New Version Data SQL

13 Analysis Services RDBMS MDX New VersionSQL MOLAP cache UDM Data

14 Sparse block (subspace) query improvements More performance information Real-time design warnings Write-back partition Improved wizards CREATE CACHE Scale out read only servers YTD and PeriodsToDate use optimised path Fast and scalable backups Dynamic sets Compression (SQLS)

15 15 Tools Enhancement Attribute Relationships in a time dimension

16

17 Connection1Connection1 SessionSession Session Scope DatabaseDatabase Dim1Dim1 Dim1Dim1 CubeCube MG1MG1 Part1Part1Part2Part2 Discover_ConnectionsDiscover_Connections Discover_SessionsDiscover_Sessions Discover_CommandsDiscover_Commands Discover_Object_ActivityDiscover_Object_Activity Discover_Object_Memory_UsageDiscover_Object_Memory_Usage Discover_Command_ObjectsDiscover_Command_Objects Connection2Connection2 SessionSession

18 18Ask/Need Easy way of scaling out AS data cross multiple machines. Today's Problem While MOLAP cubes are Read-Only databases, no two servers are share same data directory. Cube Sync – works but has latency issues which are not acceptable in load balanced solutions. AS 2008 Solution Single read-only copy database is shared between several Analysis Servers.... SAN storage Analysis Server Virtual IP

19 Need Estimated 20% of cubes are greater then 50GB BI is mission critical to many business Needs fast and reliable backup – I need a fast means of moving /shipping cubes from one server to another Problem Analysis Services 2005 backup scales well up to 20GB cubes. Beyond 20GB seeing significant performance degradation on backup operation Note: 20GB of AS cubes represents ~ 80GB relational data Today's workaround: File copy of data folder Solution Out of the box performance that is comparable to the speed of file copy

20

21 Analysis Services Security architecture Secure By Default – standard SQL Server policy Integrated Windows Security (authentication) Service runs with least privileges required Managed code in object models, stored procedures Custom data security for dimensions and cell data Based on Unified Dimensional Model (UDM) Administrative security at server and database levels Encryption of communications, passwords.. Security implemented at server – not at client

22 Combining Roles Roles grant access to data Roles grant access to data If a user has permissions to see dimension members or data because of membership in a role, such members and data are visible independent of users membership in other roles If a user has permissions to see dimension members or data because of membership in a role, such members and data are visible independent of users membership in other roles Users are allowed to state roles they want to apply during a session Users are allowed to state roles they want to apply during a session Roles connection string propertyRoles connection string property Select from roles they belong toSelect from roles they belong to Role1Role2Combining Role1 and Role2

23 10,500 20,625 16,500 Sq Ft N/A35West $7,600K75Central N/A50East Total salary Employees Cell-level security 10,500 20,625 16,500 Sq Ft 35West 75Central 50East Employees Dimension Member security Defining Security Two ways to define Security: Two ways to define Security: Cell levelCell level Dimension memberDimension member

24 Cell Security Use Cell Security when user can see all dimension members, but not all data for each member Use Cell Security when user can see all dimension members, but not all data for each member Sales Managers can see profit for some products, but only Gross Sales for othersSales Managers can see profit for some products, but only Gross Sales for others Cannot see profit if value less than $1000.00, otherwise visibleCannot see profit if value less than $1000.00, otherwise visible Cell security is defined with MDX expressions that resolve to true or false Cell security is defined with MDX expressions that resolve to true or false Can see the cell if expression resolves true; not viewable if expression resolves to falseCan see the cell if expression resolves true; not viewable if expression resolves to false

25 Types of Cell Permissions Three different types of cell permissions Three different types of cell permissions Read: access to target cells determined solely from the expressionRead: access to target cells determined solely from the expression ReadContingent: must also have access to cells used in the derivation of the target cell.ReadContingent: must also have access to cells used in the derivation of the target cell. Read/WriteRead/Write RevenueExpenses Profit (=Revenue- Expense) Canada#N/A$123.04$45.01 USA#N/A$675.02($23.09) Mexico#N/A$423.98$12.46 Revenue Expense s Profit (=Revenue- Expense) Canada#N/A$123.04#N/A USA#N/A$675.02#N/A Mexico#N/A$423.98#N/A Read cell permission resolves to true ReadContingent cell permission resolves to true

26 Cell Security: Other Considerations Administer Cell Security with free- form MDX – requires some MDX knowledge Administer Cell Security with free- form MDX – requires some MDX knowledge Secured Cell Value connection string property can be used to change how secured cells appear Secured Cell Value connection string property can be used to change how secured cells appear Secured Cell Value connection string property Secured Cell Value connection string property

27 Dimension Security: Terms AllowedSet AllowedSet List of members role permitted to seeList of members role permitted to see DeniedSet DeniedSet List of members role not permitted to seeList of members role not permitted to see ApplyDenied ApplyDenied defines scope of members denieddefines scope of members denied DefaultMember DefaultMember defines the default attribute member for roledefines the default attribute member for role

28 Visual Totals Visual Totals – controls whether aggregated values are based on viewable members or all members Visual Totals – controls whether aggregated values are based on viewable members or all members If role can see USA, but not Canada or Mexico, what value should be shown for all customers?If role can see USA, but not Canada or Mexico, what value should be shown for all customers? If only visible members are included in the total, VisualTotals is on.If only visible members are included in the total, VisualTotals is on. If all members are included in the total, VisualTotals is off.If all members are included in the total, VisualTotals is off. Visual Totals prevents users from inferring secured data Visual Totals prevents users from inferring secured data

29 Dynamic Dimension Security Occasionally, security must be tailored to the individual user Occasionally, security must be tailored to the individual user Data DrivenData Driven Or completely arbitraryOr completely arbitrary Examples: Examples: Each Project Manager can see projects they have billed time or to which their employees have billed timeEach Project Manager can see projects they have billed time or to which their employees have billed time Each Sales Representatives to see their products and only their productsEach Sales Representatives to see their products and only their products Each of my users can see an arbitrary subset of sales regions that I define.Each of my users can see an arbitrary subset of sales regions that I define. Keep administration of security roles to a minimum Keep administration of security roles to a minimum Let the data drive the rulesLet the data drive the rules Avoid creating a role per userAvoid creating a role per user

30 Dimension and Cell Security - Summary Use Cell Security when Use Cell Security when Users can not see some data for specific dimension membersUsers can not see some data for specific dimension members Use Dimension Security when Use Dimension Security when Users can not see any data for some dimension membersUsers can not see any data for some dimension members Use Dynamic Security when Use Dynamic Security when Security depends on the data itselfSecurity depends on the data itself

31 Demos of Dimension and Cell Security Regular dimension Parent-child dimension Visual Totals Read Cell Security Read Contingent Cell Security

32 Analysis Services: plays a central role in BI Stack SQL 2005: new architecture based on UDM SQL 2008: design, scale and manage better Security: secure by default, with SQL platform User Data Security: customize by dimension / cell Dynamic Security: customize by fact table or sproc

33 Microsoft Books Online (BOL), videos, webcasts Configuring Security (Analysis Services) Dimension Security in SQL Server Analysis Services Deploying, Managing and Securing Analysis Services Analysis Services Books: Microsoft SQL Server 2008 AS Unleashed (Part 8) Expert Cube Development with Microsoft SQL Server 2008 Analysis Services (to be released) Other blog entries and articles: Default members, MDX Scripts, Security, KPIs and Perspectives (Mosha's blog on cube initialization) Protect UDM with Dimension Data Security (SQL Mag)


Download ppt "AS Introduction and OLAP Security - Agenda Analysis Services (SSAS) and Microsoft BI stack Analysis Services feature areas Whats new in SQL Server 2008."

Similar presentations


Ads by Google