For my project i built a cube (with Analysis Manager). Now i had to define
roles. After i done this, i tested each role and the restrictions seams to
work. But if a user who is member of a restricted role opens the cube with
Crystal Analysis 10.0, he can see all.

How could I solve this problem?

--
Message posted via http://www.sqlmonster.com

Analysis Services enforces roles for in-bound connections regardless of
client. So I am sure that it isn't AS itself. Might this be a web-based
system? If so, then the connection coming into Analysis Services is not the
client, but rather the mid-tier user who is making the connection on your
behalf.
--
Dave Wickert [MSFT]
dwickert (AT) online (DOT) microsoft.com
Program Manager
BI SystemsTeam
SQL BI Product Unit (Analysis Services)
--
This posting is provided "AS IS" with no warranties, and confers no rights.

"Markus Teichmann via SQLMonster.com" <forum (AT) SQLMonster (DOT) com> wrote in
message news:7249ab2cfc8d402da66d78cc74989565 (AT) SQLMonster (DOT) com...

No it isn't a web-based system. The users have Crystal Analysis on their
clients. They lock on the "Analysis"-Server with their Win NT 4.0 user-name
and password. The Cube is on the server and the roles are based on the Win
NT 4.0 user-names. So I think it should be easy to compare the user-name in
the role with the user-name locked on. Or I'm wrong?

--
Message posted via http://www.sqlmonster.com

Is the user "who can see everything" a member of the machine administrators
or a member of the
OLAP administrators group? If so, then they get to see everything.
--
Dave Wickert [MSFT]
dwickert (AT) online (DOT) microsoft.com
Program Manager
BI SystemsTeam
SQL BI Product Unit (Analysis Services)
--
This posting is provided "AS IS" with no warranties, and confers no rights.

"Markus Teichmann via SQLMonster.com" <forum (AT) SQLMonster (DOT) com> wrote in
message news:1e8d40bca3634a2f90d7ba6d7608efad (AT) SQLMonster (DOT) com...

Thanks for your idea. I tested it and I see, that "everybody" was member of
the local admin group. But after I delete the entry nobody could see
anything. Even me, as a admin. A phenomenon is, that I could see everything
if I don't enter user-name and password. It's really confusing?!

I think, that their must be a bug.

--
Message posted via http://www.sqlmonster.com

I doubt that there is a bug. What I think is more likely is that your system
has an unusal set of security setups. What I would suggest is that you
un-install Analysis Services. Do a complete and in-depth analysis of who is
in what groups, what ACLs are in-place (both on-disk and on the registry),
etc. Add yourself to the Administrators group -- but keep that list very
small. Then re-install using the local administrator account. Then run the
SP3 Analysis Services upgrade (there is a separate one for AS).

On your client machines, make sure you upgrade their version of PTS by
running either ptslite.exe or ptsfull.exe found on the SP3 Analysis Services
distribution in the \msolap\install\pts folder.

Hope that helps
--
Dave Wickert [MSFT]
dwickert (AT) online (DOT) microsoft.com
Program Manager
BI SystemsTeam
SQL BI Product Unit (Analysis Services)
--
This posting is provided "AS IS" with no warranties, and confers no rights.

"Markus Teichmann via SQLMonster.com" <forum (AT) SQLMonster (DOT) com> wrote in
message news:597e73490fbb4eb5b432040a6a2633d1 (AT) SQLMonster (DOT) com...

I could solve the problem (a part of it).
There was a problem with the registration. If I fill in username and
password in CA, I could not register me on the server. If I do not so, CA
uses username and password of the local client. Then I could see these
cubes where I'm allowed to see them. But now there is another problem.
These do only work, if there are no limitations in the dimensions. If I
limit some dimensions, I can't see the whole cube.

Do you have any idea, how I could solve this problem?

--
Message posted via http://www.sqlmonster.com