Security

Steps to implement per user security in All Up MS BI

MOSS/WSS

• edit authentication for the port 80 webapp. Application Management -> Application Security -> Authentication Providers.
• Change IIS setting to Negotiate (Kerberos) with Integrated Windows authentication checked.
• edit web.config found under /inetpub/wwwroot/wss/VirtualDirectories/<port>. Change Bpm.ConnectionPerUser to “True”

PPS

• edit web.config found /Program Files/Microsoft Office PerformancePoint Server/3.0/Monitoring/PPSMonitoring_1/WebService. Change Bpm.ConnectionPerUser to “True”.
• I would advise to change the web.config for the Preview site there too.

ProClarity

• Set Cache.AccessMgr = AccessMgr
• Cache.RestrictAccessToCacheDir = False
• Cache.HitRate = 0
• Cache.SpaceLimitMB = 10
• Cache.HardSpaceLimitMB = 10

SQL

Option 1

• Create Roles, add AD groups to roles
• Lock down dimensions and dimension members in cube.

Option 2

• Cross Reference table which maps userid’s to dimension member. Pass userid as part of allowed member set in mdx.

Security

Been runnning into security issues when building out environments on multiple boxes. I figured out a best practice for POC’s and demos is to use a domain user for everything! Specifically, all IIS AppPools (Sharepoint, BSM, ReportingServices, etc…), add it to roles in SQL (DB and AS) and use it for the Service ID account for running all processes. That way you should not have any issues.  If you need to create a local admin account on a box, create a group and add the domain user to it.