Active Directory Authentication in PowerOLAP

 

 

Windows Authentication in PowerOLAP® or Active Directory Authentication allows users to access PowerOLAP database without login process. Through this feature, users can utilize and maintain existing windows groups.

In order to use the Windows Authentication you must take note of the following:

[1]   Your server license must be enabled.

[2]   A standard client license can connect to a server using Windows authentication provided the server has this option enabled.

[3]   A user can open a local database using Windows authentication provided their local license has this option enabled.

Once the license has the NT Authentication feature enabled, the database must be configured to also support this feature.

To configure the database:

1.   The PowerOLAP database must be opened via the PowerOLAP Server.

2.   In the PowerOLAP ribbon, select Home and Options command.
The Options dialog box appears.

3.   A database must be enabled to support authentication and it must be given a domain name (As in the sample image, the Enable Windows Authentication using domain checkbox is enabled and the domain name specified was ‘PARISTECH’).

4.   Close and re-open the database.

Notice that it automatically opens up the corresponding database and it no longer prompts for a user name and password.

 Notes

A user must be a database administrator to enable/disable the Windows Authentication feature. A domain name must be specified which will be saved in the database. When a user connects to the PowerOLAP database, the engine checks to see if the current AD user is logged onto the specified domain. If this passes, the user will automatically be connected to the database (with no user/password request) and will have the privileges granted in PowerOLAP®.

Active Directory Security Rule

In PowerOLAP, Active Directory users or group are not allowed some functions such as:

  • Users & Groups
  • Database Privileges
  • Change Password
  • Create New Cube and Slice

To use these functions, user must login as regular PowerOLAP Administrator user.

 Warning

Please take caution that having a PowerOLAP user with the same name as an Active Directory user will cause conflict. PowerOLAP user name and Active Directory user name must NOT be identical.

In order to manage PowerOLAP security, a user must login with a PowerOLAP Administrator account. To do this:

1.   Close the database that was opened using Windows Authentication.

2.   Re-open the database.

The Logon as Administrator check box when enabled is going to force a login prompt.

3.   Enable Logon As Administrator checkbox and then select OK.

The “Logon As Administrator” checkbox forces the Windows Authentication feature to be bypassed and prompt for a PowerOLAP username and password.

Once logged in as a PowerOLAP admin, a user can define metadata and fact data security for either PowerOLAP or Windows users. When assigning security, the Select Users and Groups list will contain both the PowerOLAP users and the Windows users.

Security is applied to the different user types exactly the same way.

When you view Model menu you will see that Users & Groups, Database Privileges and Change Password features are now active and can be accessed. Additionally, you are now also allowed to create new cubes and slices.