hi we've begun recording apps x roles at my company. Currently the apps are erp's but i think roles attached to tabular models would blend nicely, especially if i can find a way to also expand the groups assigned to certain roles. i'd feed the data daily. from what i've seen AD has some kind of query capability but i couldnt get it too far in my installed AD client.
if you are comfortable with PowerShell, this example command will get all end users, including those that are members via a group-within-a-group:
here i am assuming you found a group named "SSASTabularAccess" with current permissions, and want to know who's getting access.
Get-ADGroupMember -Identity "SSASTabularAccess" -Recursive | SELECT -property SamAccountName |Sort-Object -Property SamAccountName
Lowell
March 22, 2024 at 11:21 am
thx lowell, by any chance do you also know how to get a list of members/groups from each role under a tabular model database? I might have asked too many questions in this post and can easily post this portion in a new post.
March 22, 2024 at 5:17 pm
This?
SELECT * FROM $System.TMSCHEMA_ROLES
SELECT * FROM #TMSCHEMA_ROLE_MEMBERSHIPS
March 26, 2024 at 1:52 pm
thx chrissy321. Where would i run that? in the engine on the same server where ssas is? I dontg think t-sql ius a choice of language on the ssas instance. i get an error when i run that on the engine.
March 26, 2024 at 2:50 pm
You can issue an MDX query or a TSQL query against a linked server.
https://www.sqlshack.com/linking-relational-databases-with-olap-cube/
March 26, 2024 at 4:24 pm
thank you chrissy321,
i read your link quickly and see if i have an mdx query, it would be sent native thru openquery probably via a new query from a db or the instance itself.
But i can also send thru openquery your t-sql looking querys?
March 26, 2024 at 7:56 pm
This is tsql
DROP TABLE IF EXISTS #Roles;
SELECT * INTO #Roles FROM OPENROWSET
(
'MSOLAP',
'Data Source=localhost;Initial Catalog=YourSSASDatabaseName;Provider=MSOLAP.4;Integrated Security=SSPI;Format=Tabular;',
'SELECT * FROM $System.TMSCHEMA_ROLES'
);
DROP TABLE IF EXISTS #RoleMemberships;
SELECT * INTO #RoleMemberships FROM OPENROWSET
(
'MSOLAP',
'Data Source=localhost;Initial Catalog=YourSSASDatabaseName;Provider=MSOLAP.4;Integrated Security=SSPI;Format=Tabular;',
'SELECT * FROM $System.TMSCHEMA_ROLE_MEMBERSHIPS'
);
SELECT * FROM #Roles
SELECT * FROM #RoleMemberships
March 27, 2024 at 12:32 pm
thx, so those 2 selects are mdx. i was able to run them right on the ssas instance without a linked server. But i understand the value in having a linked server where more flexibility is possible. Now i have to decide whose post to mark as an answer. i believe only one answer is allowed per post on this forum. Chrissy321 i "liked" yours and marked lowell's as an answer. next time i'll separate posts better.
Viewing 9 posts - 1 through 8 (of 8 total)
You must be logged in to reply to this topic. Login to reply