You use the Analysis Services Deployment Wizard to deploy a Microsoft SQL Server 2005 Analysis Services (SSAS) project. If you select the
Retain roles and members option on the
Specify Options for Partitions and Roles page, security permissions that are associated with the existing roles reset to
none.
Additionally, all the cube security settings that are defined by the roles and all the dimension security settings that are defined by the roles are lost.
Back to the top
This issue occurs because security permissions secure objects, and these objects contain the security permissions. Security permissions are not contained by the security roles with which the security permissions are associated. You cannot use the
Retain roles and members option to maintain the existing security settings.
Back to the top
To maintain security settings after you run the Analysis Services Deployment Wizard, use one of the following methods.
Back to the top
Method 1
To deploy a master SSAS project to many destination servers, follow these steps.
Note This method assumes that each server differs only in the dimension data permission of the security role.
| 1. | In SQL Server Business Intelligence Development Studio, open the master project.
|
| 2. | Add roles to contain the permissions that the SSAS project requires. |
| 3. | Configure permissions on the master project for each role. |
| 4. | For each role, configure the membership to apply the permissions on each destination server. These permissions are required for the databases on each destination server.
Note If a destination database does not have to have a role, you must not configure the membership setting. |
| 5. | Use the Analysis Services Deployment Wizard to deploy the master project. |
| 6. | On the Specify Options for Partitions and Roles page, select the Deploy roles and retain members option.
|
Back to the top
Method 2
Use this method if the following conditions are true:
| • | You have many SSAS projects for one database, and you want to deploy these projects to one or more destination servers. |
| • | The existing roles have complex security settings. |
To restore the previous security settings for the database, follow these steps before you deploy the SSAS projects:
| 1. | Open SQL Server Management Studio, and then connect to the destination SSAS server. |
| 2. | In Object Explorer, right-click the role that you want to maintain, and then click Duplicate. |
| 3. | In the New Role Name box, type a name, and then click Script.
A new query window appears in SQL Server Management Studio. |
| 4. | Click Cancel to close the Analysis Services Duplicate Security Role dialog box.
|
| 5. | In the new query window, remove the first <Alter> XML tag and all the information that is included in the first <Alter> XML tag.
Note The information in the first <Alter> XML tag in the script creates a new role. |
| 6. | Replace the information in all the <RoleID> tags with the role ID of the existing role that you want to maintain.
Note To obtain the role ID of the existing role, follow these steps:
| a. | Right-click the role, point to Script Role as, point to Create To, and then click New Query Editor Window.
A new query window appears. | | b. | In the new query window, notice the value of the information that is included in the <ID> XML tags.
|
|
| 7. | Save the script.
After you deploy the SSAS project, you can run the script to restore the security settings. |
| 8. | Repeat steps 1-7 for each role.
|
| 9. | Use the Analysis Services Deployment Wizard to deploy the master project. |
| 10. | On the Specify Options for Partitions and Roles page, select the Deploy roles and retain members option. |
| 11. | Run the scripts that you saved in step 7 to restore the security settings.
Note If objects that the security settings secure have been removed or if the objects are significantly changed, you must manually modify the scripts to reflect the changes. |
Back to the top
This behavior is by design.
Back to the top
The Analysis Services Deployment Wizard uses the XML for Analysis (XMLA) protocol to deploy the metadata of an SSAS project to a destination server. The XMLA protocol handles the output files that are generated by the SSAS project.
The Analysis Services Deployment Wizard provides three options that maintain certain security settings on the destination server. The following table lists these options and the behavior that occurs when you select these options.
| Option | Result |
|---|
| Deploy roles and members | Any existing roles and members are replaced. |
| Deploy roles and retain members | Roles are deployed. New roles are deployed together with their members. |
| Retain roles and members | Roles and members are not deployed. |
When you use Analysis Management Objects (AMO) to create roles or other objects, we recommend that you provide the ID of the role and the name of role if you do not create many roles. For example, provide the ID of the role and the name of the role when you want to create fewer than 100 roles.
Back to the top
Help and Support
