AMO Wrappers for Securing Analysis Service Cube

Role Creation Method

With the Major Objects accounted for it’s time to get stuck in the AMO Security classes. The method shown below creates a Role in Analysis Service Database.


'AMO method to add a role to Analysis Service database

Public Function AddRole(ByVal parmRoleName As String) As Boolean

Dim objRole As Role

parmRoleName = parmRoleName.Trim()

Try

If Me.DatabaseObj.Roles.FindByName(parmRoleName) Is Nothing Then

objRole = Me.DatabaseObj.Roles.Add(parmRoleName)

objRole.Update()

End If

Catch ServerNotFoundException As ConnectionException

Throw ServerNotFoundException

Catch ErrorAddingRoleException As OperationException

Throw ErrorAddingRoleException

Catch GenericAMOException As AmoException

Throw GenericAMOException

End Try

Return True

End Function

Role Membership Methods

The code shown below adds an Active Directory or Local user to the Role. The Active Directory user name must be in the form of <domain name>\<user name>. If the user name is a local account, pass as <user name> and ignore the domain. In either case, if the user name is not found an exception is raised.

AddMemberToRole()


'AMO method to add a Member to Analysis Service database role

Public Overloads Function AddMemberToRole(ByVal parmRoleName As String, ByVal parmADUserName As String) As Boolean

Dim objRole As Role

parmRoleName = parmRoleName.Trim()

parmADUserName = parmADUserName.Trim()

If IsNullOrEmpty(parmRoleName) Or IsNullOrEmpty(parmADUserName) Then

Return False 'Invalid Rolename/AD User name

End If

Try

If Me.DatabaseObj.Roles.FindByName(parmRoleName) Is Nothing Then

Me.AddRole(parmRoleName) 'Role does not exists, so add role first

End If

objRole = Me.DatabaseObj.Roles.FindByName(parmRoleName)

objRole.Members.Add(New RoleMember(parmADUserName))

objRole.Update(UpdateOptions.Default, UpdateMode.Update)

Catch ServerNotFoundException As ConnectionException

Throw ServerNotFoundException

Catch ErrorAddingMemberException As OperationException

objRole.Refresh()

Throw ErrorAddingMemberException

Catch GenericAMOException As AmoException

Throw GenericAMOException

End Try

Return True

End Function

The above method adds one user at a time. Sometimes it is better to add a user collection to the Role. For such situations, use the code shown below which adds a collection of Active Directory or Local users to the Role.


'Overloaded AMO method to add a Member Collection to Analysis Service database role

Public Overloads Function AddMemberToRole(ByVal parmRoleName As String, ByVal parmADUserCollection As Collection) As Boolean

Dim objRole As Role

Dim intIndex As Integer

parmRoleName = parmRoleName.Trim()

If IsNullOrEmpty(parmRoleName) Or parmADUserCollection.Count
Return False 'Invalid Rolename/AD User name

End If

If Me.DatabaseObj.Roles.FindByName(parmRoleName) Is Nothing Then

Me.AddRole(parmRoleName) 'Role does not exists, so add role first

End If

Try

objRole = Me.DatabaseObj.Roles.FindByName(parmRoleName)

'Try

Dim colRoleMember As RoleMemberCollection = New RoleMemberCollection()

For intIndex = 1 To parmADUserCollection.Count

colRoleMember.Add(New RoleMember(parmADUserCollection(intIndex)))

'objRole.Members.AddRange(New RoleMember(parmADUserCollection(intIndex)))

Next

objRole.Members.AddRange(colRoleMember)

objRole.Update()

'Catch ex As Exception

' objRole.Refresh()

'End Try

Catch ServerNotFoundException As ConnectionException

Throw ServerNotFoundException

Catch ErrorAddingRoleException As OperationException

objRole.Refresh()

Throw ErrorAddingRoleException

Catch GenericAMOException As AmoException

Throw GenericAMOException

End Try

Return True

End Function

RemoveAllMembersFromRole()

The code shown below removes all members from the specified Role. This is especially useful when the role membership has to be reviewed without changing the role permissions.


'AMO method to Remove all Members from Analysis Service database role

Public Function RemoveAllMembersFromRole(ByVal parmRoleName As String) As Boolean

Dim objRole As Role

parmRoleName = parmRoleName.Trim()

If IsNullOrEmpty(parmRoleName) Then

Return False 'Invalid Rolename/AD User name

End If

If Me.DatabaseObj.Roles.FindByName(parmRoleName) Is Nothing Then

Return False 'Role does not exists

End If

Try

objRole = Me.DatabaseObj.Roles.FindByName(parmRoleName)

If objRole.Members.Count
Return True

End If

objRole.Members.Clear()

objRole.Update()

Catch ServerNotFoundException As ConnectionException

Throw ServerNotFoundException

Catch ErrorAddingRoleException As OperationException

Throw ErrorAddingRoleException

Catch GenericAMOException As AmoException

Throw GenericAMOException

End Try

Return True

End Function

3 thoughts on “AMO Wrappers for Securing Analysis Service Cube

  1. I think speaking or writing it out loud made me think about it more. Then it downed on me to use SQL Profiler!

    … why didn’t I think of this before?!?!

    I’m proud and ashamed at the same time in finding out this simple answer to my own question.

  2. Hi,

    This question has been bugging me for a long time. How can you identify who are the currently connected users on your Analysis Services?

    Any insight would be appreciated.

    Thanks in advance

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s