dbTalk Databases Forums  

Roles in Connection String

Go Back dbTalk Databases Forums Databases microsoft.public.sqlserver.olap Roles in Connection String

microsoft.public.sqlserver.olap microsoft.public.sqlserver.olap


Discuss Roles in Connection String in the microsoft.public.sqlserver.olap forum.



Reply
 
Thread Tools Display Modes
  #1  
Old   
moco
 
Posts: n/a

Default Roles in Connection String - 03-10-2005 , 07:53 AM





Hi to all,
I connect to an OLAP server via ADODB.Connection object; the connection
is made from a script than runs on a Domino Web Server, triggered by
some user action. Well, it works. The script accesses the OLAP server
as an ANONYMOUS user (which is not a problem, as I dont need to pass
any credential to olap), but that also means that I had to grant access
to the database to Everyone using MSOlap Database Roles. Then I read
that I can force a specific database role on a connection:

Provider=MSOLAP; Roles=myDBRole;

but it doesn't work: as soon as I remove the Everyone access to the db,
I stop seeing the data, and get a "The database doesn't exist" message.
So I started searching for similar bug posts, but couldnt find any.

Any idea, suggestion, test, experience or nice story to tell about this?
Thanx in advance


Reply With Quote
  #2  
Old   
Ohjoo Kwon
 
Posts: n/a

Default Re: Roles in Connection String - 03-10-2005 , 09:08 AM





It's not bug...

You can force a specific role and it means that only one of several roles
containing the user can be forced. In other words, it's true that the proper
user still have to be included in the role.

If the users are not in the domain environment, you can consider using IIS
authentication with basic security. If you have to allow anonymous access,
you can set a windows user account mapped to anonymous user through IIS
Manager. Of course, the windows user account has to be added to the role.

Ohjoo Kwon


"moco" <mdaldegan (AT) email (DOT) it> wrote

Quote:
Hi to all,
I connect to an OLAP server via ADODB.Connection object; the connection
is made from a script than runs on a Domino Web Server, triggered by
some user action. Well, it works. The script accesses the OLAP server
as an ANONYMOUS user (which is not a problem, as I dont need to pass
any credential to olap), but that also means that I had to grant access
to the database to Everyone using MSOlap Database Roles. Then I read
that I can force a specific database role on a connection:

Provider=MSOLAP; Roles=myDBRole;

but it doesn't work: as soon as I remove the Everyone access to the db,
I stop seeing the data, and get a "The database doesn't exist" message.
So I started searching for similar bug posts, but couldnt find any.

Any idea, suggestion, test, experience or nice story to tell about this?
Thanx in advance



Reply With Quote
  #3  
Old   
moco
 
Posts: n/a

Default Re: Roles in Connection String - 03-11-2005 , 02:38 AM


Thanks, Ohjoo.
The user is already authenticated thru Domino Server, and I'm in an
Intranet environment, but the point is that I want to avoid that
everyone in the domain can easily gain access to OLAP databases (say,
with Excel....)

Ohjoo Kwon wrote:
Quote:
It's not bug...

You can force a specific role and it means that only one of several
roles containing the user can be forced. In other words, it's true
that the proper user still have to be included in the role.

If the users are not in the domain environment, you can consider
using IIS authentication with basic security. If you have to allow
anonymous access, you can set a windows user account mapped to
anonymous user through IIS Manager. Of course, the windows user
account has to be added to the role.

Ohjoo Kwon


"moco" <mdaldegan (AT) email (DOT) it> wrote in message
news:Usenet.bftdqdjp (AT) localhost (DOT) ..
Hi to all,
I connect to an OLAP server via ADODB.Connection object; the
connection is made from a script than runs on a Domino Web Server,
triggered by some user action. Well, it works. The script accesses
the OLAP server as an ANONYMOUS user (which is not a problem, as I
dont need to pass any credential to olap), but that also means that
I had to grant access to the database to Everyone using MSOlap
Database Roles. Then I read that I can force a specific database
role on a connection:

Provider=MSOLAP; Roles=myDBRole;

but it doesn't work: as soon as I remove the Everyone access to the
db, I stop seeing the data, and get a "The database doesn't exist"
message. So I started searching for similar bug posts, but couldnt
find any.

Any idea, suggestion, test, experience or nice story to tell about
this? Thanx in advance



Reply With Quote
  #4  
Old   
Ohjoo Kwon
 
Posts: n/a

Default Re: Roles in Connection String - 03-11-2005 , 10:08 AM


What is the full connection string? I'm not sure you use IIS authentication
for Analysis Server authentication. For it, you have to use http connection
to Analysis Server in the connection string.

If then, I recommend Basic authentication of IIS. If end users are domain
users, Integrated Windows is more powerful.

Then, if needed you add the domain users group to the local users group on
the IIS machine.
Next, you have only to add the local users group or domain users group to
the cube role.

Ohjoo Kwon


"moco" <mdaldegan (AT) email (DOT) it> wrote

Quote:
Thanks, Ohjoo.
The user is already authenticated thru Domino Server, and I'm in an
Intranet environment, but the point is that I want to avoid that
everyone in the domain can easily gain access to OLAP databases (say,
with Excel....)

Ohjoo Kwon wrote:

It's not bug...

You can force a specific role and it means that only one of several
roles containing the user can be forced. In other words, it's true
that the proper user still have to be included in the role.

If the users are not in the domain environment, you can consider
using IIS authentication with basic security. If you have to allow
anonymous access, you can set a windows user account mapped to
anonymous user through IIS Manager. Of course, the windows user
account has to be added to the role.

Ohjoo Kwon


"moco" <mdaldegan (AT) email (DOT) it> wrote in message
news:Usenet.bftdqdjp (AT) localhost (DOT) ..
Hi to all,
I connect to an OLAP server via ADODB.Connection object; the
connection is made from a script than runs on a Domino Web Server,
triggered by some user action. Well, it works. The script accesses
the OLAP server as an ANONYMOUS user (which is not a problem, as I
dont need to pass any credential to olap), but that also means that
I had to grant access to the database to Everyone using MSOlap
Database Roles. Then I read that I can force a specific database
role on a connection:

Provider=MSOLAP; Roles=myDBRole;

but it doesn't work: as soon as I remove the Everyone access to the
db, I stop seeing the data, and get a "The database doesn't exist"
message. So I started searching for similar bug posts, but couldnt
find any.

Any idea, suggestion, test, experience or nice story to tell about
this? Thanx in advance



Reply With Quote
Reply

« Previous Thread | Next Thread »



Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off



Powered by vBulletin Version 3.5.3
Copyright ©2000 - 2012, Jelsoft Enterprises Ltd.


Contact Us - dbTalk Databases Forums - Archive - Top