Re: Execute MDX from T-sql -Procs and Cons?

For IIS5 I think storing the credentials in the registry is probably a
reasonable approach.

For IIS6 you could setup an application pool and control the identity
from there without having to setup anything special in the web.config.

If your IIS server is in the DMZ I would setup a local account on it and
use that account.

On the MSAS server I would set up the same username/password, but I
would not run MSAS under that account. I would setup that account with
the absolute minimum privileges and then put that user in the
appropriate role(s) in MSAS. This user would not need the ability to see
even log on to the MSAS server and would not even need write privileges
to the disk drives.

--
Regards
Darren Gosbell [MCSD]
Blog: http://www.geekswithblogs.net/darrengosbell

In article <3FE2A0A5-2568-4B2E-9ABD-55E8122B8F2C@xxxxxxxxxxxxx>,
AlexDeiden@xxxxxxxxxxxxxxxxxxxxxxxxx says...
> security really 'interesting subject'for MSAS 2k and msas2k5 - not finished
> product ...at all...but...
> Application security ...looks like the only right choice...
> Would it be secure if I'll implement the following:
> set up in asp.net site (IIS server) config file with 'windows' security
> (token) and set up the path in application.config file to the registry where
> user/pwd for the dummy winnt account is set up... Run MSAS under this dummy
> account...therefore, the application has integrated security (with token
> generated by this dummy account )...still this dummy account has 'full'
> access ...to MSAS but at least nobody knows the username/pwd...and won't be
> able to access MSAS from Excel...the drawback that this account will give
> smbd. possibility to hack into the MSAS or even to network...(external
> user)...for internal user is looks pretty safe...
> Your opinion is highly appreciated.
>
> Alex
>
> "Darren Gosbell" wrote:
>
> > I have not seen too much material specifically on security. AS2k5 uses a
> > model similar to the one used in AS2k. Mosha (development lead for AS)
> > has the following page on his website:
> >
> > http://www.mosha.com/msolap/articles/yukondimensionsecurity.htm
> >
> > As you are probably aware, if you are using an application tier (like
> > Reporting Services) you will find that you will either need to set up
> > Kerberos authentication or manage the security in that tier.
> >
> > I like the idea of setting up the security in the database, but that is
> > not always practical. If you setup security in the application tier, you
> > need to make sure that the application is the only way people can get
> > access to the cubes. If anyone can bypass the application tier and
> > connect directly using a client like excel, they would be bypassing the
> > security. But as long as you are aware of this and manage it
> > appropriately there is no reason it will not work.
> >
> > HTH
> >
> > --
> > Regards
> > Darren Gosbell [MCSD]
> > Blog: http://www.geekswithblogs.net/darrengosbell
> >
> > In article <BC1DCF66-21A6-450D-A451-33CB7B84984D@xxxxxxxxxxxxx>, "=?Utf-
> > 8?B?QWxleCBEZWlkZW4=?=" <Alex Deiden@xxxxxxxxxxxxxxxxxxxxxxxxx> says...
> > > Thank you Darren!
> > > It was of great help! but that brings another question:
> > >
> > > is there any 'best practice' white paper for setting up security access to
.

Relevant Pages

  • Re: Execute MDX from T-sql -Procs and Cons?
    ... > from there without having to setup anything special in the web.config. ... > use that account. ... > On the MSAS server I would set up the same username/password, ... >>> Kerberos authentication or manage the security in that tier. ...
    (microsoft.public.sqlserver.olap)
  • Re: Help with Norton Internet Security Setup
    ... should use the Norton Account Manager or Windows Account Manager. ... setup my password for Windows Account before assigning Norton Parental ... Norton Internet Security could just help me get it setup properly I would be ...
    (microsoft.public.windowsxp.general)
  • i am locked out of my computer
    ... where your security is held it's pretty unlikely. ... you have never created an account called test, ... the account may be setup as such. ... >that shows the word test for user name ...
    (microsoft.public.windowsxp.security_admin)
  • User Account Deletion Problem
    ... Over a year ago when I was attempting to setup my XP system for file ... security, I must have confused XP when I deleted an account because since ... the registry key for the old user which I needed to do to delete the files, ...
    (microsoft.public.windowsxp.perform_maintain)
  • Re: Execute MDX from T-sql -Procs and Cons?
    ... Application security ...looks like the only right choice... ... set up in asp.net site (IIS server) config file with 'windows' security ... user/pwd for the dummy winnt account is set up... ... Run MSAS under this dummy ...
    (microsoft.public.sqlserver.olap)