SlideShare a Scribd company logo
Vision and Scope Document | SSAS Prototype
Row Level Security (RLS)
Version 1.0
Vision and Scope Document | SSAS Prototype, Row Level Security (RLS)
© AIM Business Driven Data Solutions, 2019 Page 2 of 9
Vision
Pam Lehmann and Brian Leslie have identified a need to provide Row Level Security (RLS) a Microsoft Application (SQL
Server Analysis Services [SSAS]) to service new and existing Sales, Finance, and Operations reports. The source for these
reports originate from TricorBraun’s ERP system Microsoft Dynamics 365. There are two Dynamics 365 applications that
are currently being considered as sources for this initiative. These Dynamics 365 applications are Sales (CRM) and
Finance and Operations. Below are the identified Executive Leadership and Stakeholders from TricorBraun:
• Jeff Douglas, VP Sales Effectiveness
• Bill Stultz, VP of Finance for System’s Controller, Finance (Executive Champion)
• Dave Duxbury, VP of Operations, GSC – Logistics (Executive Champion)
• Doug Bolen, Chief Information Officer
• Pam Lehmann, Director, Applications, IT
• Brain Leslie, Senior Reporting Analyst, IT
• Donovan Foster, IT Consultant, PMO, IT
• Sarah Thomason, Project Manager
• Mike Lang, Consultant - RSM
Due to the complexity of this initiative, it has been decided to complete an Azure Analysis Services RLS Prototype before
we complete the final, expanded Vision Scope Document and the final Design Document. This Vision Scope Document is
of limited scope just for the prototype. As the team at TricorBraun identify and finalize the expanded scope, we will
document and append to an Expanded Vision Scope Document intended for the final design and development, not the
prototype.
It has been decided to use the existing Invoicing Data Mart as our source for the prototype mentioned above. We will be
using one (1) existing fact table (FactInvoiceDetail) along with twenty-five (25) existing dimensions. The number of
dimensions for this prototype should be reduced to the minimal dimensions required to accomplish the goals of the
prototype. Since there are no usable Power BI reports to use to test the Azure Analysis Services RLS prototype, a simple
test Power BI report will be created for testing purposes. To accompany this Vision Scope Document (limited scope), we
will be conducting a Data Discovery and Analysis that will include a Bus Matrix and Conceptual Models to illustrate the
design of the SSAS RLS prototype design pattern being applied to the Invoicing Data Mart. It has been decided that this
prototype will apply Azure Analysis Services RLS against the Division, Region, and Customer dimensions.
Approach
The Azure Analysis Services RLS prototype will require multiple test personas (AD Users) that belong to AD Groups.
These AD Groups should represent persona roles for entire company, division, region, branch, and customer. The AD
Security Groups need to be created with a UPN to be used with Azure Analysis Services. Azure Analysis Services and
Visual Studio 2017 will be used to develop the RLS prototype. The prototype requires us to implement a custom security
schema where user roles and the user's place in the organization are used to determine which divisions, regions, and
customers a user can access. The prototype will use a user security table and a security bridge table to apply RLS to the
user's place in the organization for only one (1) of the following: divisions, regions, or customers for any given user.
Our goal for these prototypes is to apply RLS to the most common security scenario, not the exceptions. We have agreed
to the idea that the prototypes should target the 80/20 business rule.
Vision and Scope Document | SSAS Prototype, Row Level Security (RLS)
© AIM Business Driven Data Solutions, 2019 Page 3 of 9
Deliverables
Azure Analysis Services RLS has one (1) deliverable:
• Development RLS Prototype for Azure Analysis Services Start Date: TBD End Date: TBD
o Multiple personas plus Business User Personas
o A complex security model using customer dimension (dimension to apply RLS), a bridge table, and a User (contains
User Login ID and AD Group Name) table. This design uses Bi-Directional Cross Filtering & support Direct Query
o Uses dynamic row level security filters
o Uses production data for three (3) business defined security dimension (Division, Region, and Customer)
o Manual process to load the security bridge table and the security User table with test data (minimal rows)
o 1 Simple, Test Power BI Report to Test SSAS RLS
Clarifications
These are the clarification for the RLS project:
• The business and IT teams will develop and maintain three (3) business defined division, region, & customer dimensions
• The business and IT teams will develop and maintain three (3) security bridge tables and ETL for these Bridge tables
• The business and IT teams will develop and maintain one (1) security User table and ETL for this User table
• The business and IT teams will develop and maintain one (3) security User views (division, region, & customer)
• The business and IT teams will maintain (after initial development) four (4+) SSAS Roles
o SSAS Roles for Division, Region, Customer, and Total Company
• The business and IT teams will develop and maintain one (1) Invoice Star Schema and ETL for that Star Schema
• The Power BI (SSAS) prototype and development for RLS will use the division, region, and customer dimensions
(dimensions to apply RLS), a bridge table, and a User (contains User Login ID and AD Group Name) table. This deliverable
uses Bi-Directional Cross Filtering and will support direct query.
• A simple, test Power BI report to test SSAS RLS (1 Fact and no more than 5 dimensions) will be created. Anything more
complex will be up to the business and IT teams to develop, unless additional time is provided for such development
• Effort estimates are based on 100% resource utilization. Sprints with less than 100% resource utilization, unplanned
maintenance, or non-concurrent development blocks of time may result in increased timelines and end dates.
How to get the Job Done
We will be using the following processes and tools to complete this project and deliverables:
• Azure DevOps (VSTS)
• Team Foundation Services, or Git (TBD), since both are used at TricorBraun for Source Control and Change Management
• We are limiting the work-in-progress by using properly planned deliverables
• PBIs, Tasks, and Kanban Boards will be used as part of Azure DevOps (VSTS)
o Product backlog
o Tasks
o Weekly PowerPoint Updates
o Sprints are not used at TricorBraun
• A scope change log for this document will be used to manage change in an Agile fashion
o Name
o Description (Impact)
o Version
o Requested By
o Approved By
o Date
Vision and Scope Document | SSAS Prototype, Row Level Security (RLS)
© AIM Business Driven Data Solutions, 2019 Page 4 of 9
Change Log
Name Description (Impact) Version Requested By Approved By Date
Vision and Scope Document | SSAS Prototype, Row Level Security (RLS)
© AIM Business Driven Data Solutions, 2019 Page 5 of 9
Appendix A | Azure Analysis Services, RLS Security Model
The RLS prototype and development use a complex security model using division, region, and customer dimensions
(dimensions to apply RLS), bridge tables, and User (contains User Login ID and AD Group Name) tables / views.
Invoice
Detail
Customer
Date
Branch Division
Region
Customer_Group
Bridge
Customer User
(AD User Name
AD Group)
Bi-Directional
Cross Filter
Division_Group
Bridge
Division User
(AD User Name
AD Group)
Region_Group
Bridge
Region User
(AD User Name
AD Group)
Bi-Directional
Cross Filter
Bi-Directional
Cross Filter
Tricor Braun SSAS Security Model (RLS)
=USERNAME(Division User[AD User Name])
DAX Security Filter Example
=USERNAME(Division User[AD User Name])
DAX Security Filter Example
Invoice
Detail
Customer
Date
Branch Division
Region
Customer_Group
Bridge
Customer User
(AD User Name
AD Group)
Bi-Directional
Cross Filter
Division_Group
Bridge
Division User
(AD User Name
AD Group)
Region_Group
Bridge
Region User
(AD User Name
AD Group)
Bi-Directional
Cross Filter
Bi-Directional
Cross Filter
Tricor Braun SSAS Security Model (RLS)
=USERNAME(Division User[AD User Name])
DAX Security Filter Example
* Note: Model is a subset of the actual dimensions to demonstrate how the new security tables integrate with the existing model.
Vision and Scope Document | SSAS Prototype, Row Level Security (RLS)
© AIM Business Driven Data Solutions, 2019 Page 6 of 9
Appendix B | DimDivision, Division Security Bridge and User Security Table
Division Security BridgeDivision Security Bridge
User SecurityUser Security
DimDivisionDimDivision
Fact Invoice DetailFact Invoice Detail
Row Level Security | DimDivision, Division Security Bridge and User Security Table
AD Group NameAD Group NamePKPK
DivisonSecurityIDDivisonSecurityIDPKPK
AD User NameAD User NamePKPK
AD Group NameAD Group Name
DivisionKeyDivisionKeyPKPK
DivisionDescriptionDivisionDescription
DivisionIDDivisionID
DivisonSecurityIDDivisonSecurityID
SortOrderSortOrder
IsActiveIsActive
CompanyKeyCompanyKeyPKPK
DivisionKeyDivisionKeyPKPK
RegionKeyRegionKeyPKPK
BranchKeyBranchKeyPKPK
Additional PKs...Additional PKs...PKPK
attribute names...attribute names...
** Division Security ID is the current Division IDs Only (no history)
Division Security Bridge
User Security
DimDivision
Fact Invoice Detail
Row Level Security | DimDivision, Division Security Bridge and User Security Table
AD Group NamePK
DivisonSecurityIDPK
AD User NamePK
AD Group Name
DivisionKeyPK
DivisionDescription
DivisionID
DivisonSecurityID
SortOrder
IsActive
CompanyKeyPK
DivisionKeyPK
RegionKeyPK
BranchKeyPK
Additional PKs...PK
attribute names...
** Division Security ID is the current Division IDs Only (no history)
Division Security BridgeDivision Security Bridge
User SecurityUser Security
DimDivisionDimDivision
Fact Invoice DetailFact Invoice Detail
Row Level Security | DimDivision, Division Security Bridge and User Security Table
AD User NameAD User NamePKPK
DivisonSecurityIDDivisonSecurityIDPKPK
AD User NameAD User NamePKPK
DivisionKeyDivisionKeyPKPK
DivisionDescriptionDivisionDescription
DivisionIDDivisionID
DivisonSecurityIDDivisonSecurityID
SortOrderSortOrder
IsActiveIsActive
CompanyKeyCompanyKeyPKPK
DivisionKeyDivisionKeyPKPK
RegionKeyRegionKeyPKPK
BranchKeyBranchKeyPKPK
Additional PKs...Additional PKs...PKPK
attribute names...attribute names...
** Division Security ID is the current Division IDs Only (no history)
Division Security Bridge
User Security
DimDivision
Fact Invoice Detail
Row Level Security | DimDivision, Division Security Bridge and User Security Table
AD User NamePK
DivisonSecurityIDPK
AD User NamePK
DivisionKeyPK
DivisionDescription
DivisionID
DivisonSecurityID
SortOrder
IsActive
CompanyKeyPK
DivisionKeyPK
RegionKeyPK
BranchKeyPK
Additional PKs...PK
attribute names...
** Division Security ID is the current Division IDs Only (no history)
Vision and Scope Document | SSAS Prototype, Row Level Security (RLS)
© AIM Business Driven Data Solutions, 2019 Page 7 of 9
Appendix C | Security Division ID
-- [Invoicing].[dbo].[DimDivision] with SecurityDivisionID
SELECT TOP (1000) [DivisionKey]
,[DivisionId]
,CASE
WHEN [DivisionId] = 'Central' THEN 'Central'
WHEN [DivisionId] = 'Div_CCE' THEN 'Div_CCE'
WHEN [DivisionId] = 'Div_Intl' THEN 'Div_Intl'
WHEN [DivisionId] = 'Div_MNA' THEN 'Div_MNA'
WHEN [DivisionId] = 'Div_NE' THEN 'Div_NE'
WHEN [DivisionId] = 'Div_NW' THEN 'Div_NW'
WHEN [DivisionId] = 'Div_Other' THEN 'Div_Other'
WHEN [DivisionId] = 'Div_PkgAll' THEN 'Div_PkgAll'
WHEN [DivisionId] = 'Div_PNW' THEN 'Div_PNW'
WHEN [DivisionId] = 'Div_SE' THEN 'Div_SE'
WHEN [DivisionId] = 'Div_SW' THEN 'Div_SW'
WHEN [DivisionId] = 'Div_Taipak' THEN 'Div_Taipak'
WHEN [DivisionId] = 'Div_WP' THEN 'Div_WP'
WHEN [DivisionId] = 'International' THEN 'International'
WHEN [DivisionId] = 'Midwest' THEN 'Midwest'
WHEN [DivisionId] = 'MNA_Div' THEN 'MNA_Div'
WHEN [DivisionId] = 'Other' THEN 'Other'
WHEN [DivisionId] = 'PNW_Div' THEN 'PNW_Div'
WHEN [DivisionId] = 'Taipak_Div' THEN 'Taipak_Div'
WHEN [DivisionId] = 'Unknown' THEN 'Unknown'
WHEN [DivisionId] = 'West' THEN 'West'
WHEN [DivisionId] = 'Wine' THEN 'Wine'
END [SecurityDivisionID]
,[DivisionDescription]
,[CreatedDate]
,[CreatedBy]
,[UpdatedDate]
,[UpdatedBy]
,[SortOrder]
,[IsActive]
FROM [Invoicing].[dbo].[DimDivision]
ORDER BY [DivisionId]
Vision and Scope Document | SSAS Prototype, Row Level Security (RLS)
© AIM Business Driven Data Solutions, 2019 Page 8 of 9
Appendix D | Security Region ID
-- [Invoicing].[dbo].[DimRegion] with SecurityRegionID--
SELECT TOP (1000) [RegionKey] ,[RegionId]
,CASE
WHEN [RegionId] = 'Acedo' THEN 'Acedo'
WHEN [RegionId] = 'Binkowski' THEN 'Binkowski'
WHEN [RegionId] = 'Borras' THEN 'Borras'
WHEN [RegionId] = 'Bottene' THEN 'Bottene'
WHEN [RegionId] = 'Briggs' THEN 'Briggs'
WHEN [RegionId] = 'Caldwell' THEN 'Caldwell'
WHEN [RegionId] = 'Canada' THEN 'Canada'
WHEN [RegionId] = 'Danheiser' THEN 'Danheiser'
WHEN [RegionId] = 'Davis' THEN 'Davis'
WHEN [RegionId] = 'DuClos' THEN 'DuClos'
WHEN [RegionId] = 'Europe' THEN 'Europe'
WHEN [RegionId] = 'Forbes' THEN 'Forbes'
WHEN [RegionId] = 'Gibbs' THEN 'Gibbs'
WHEN [RegionId] = 'Kliska' THEN 'Kliska'
WHEN [RegionId] = 'Logue' THEN 'Logue'
WHEN [RegionId] = 'Mexico' THEN 'Mexico'
WHEN [RegionId] = 'MidAtlantic' THEN 'MidAtlantic'
WHEN [RegionId] = 'MidMountain' THEN 'MidMountain'
WHEN [RegionId] = 'MidSouth' THEN 'MidSouth'
WHEN [RegionId] = 'Midwest' THEN 'Midwest'
WHEN [RegionId] = 'Muster' THEN 'Muster'
WHEN [RegionId] = 'Northeast' THEN 'Northeast'
WHEN [RegionId] = 'Northwest' THEN 'Northwest'
WHEN [RegionId] = 'Other' THEN 'Other'
WHEN [RegionId] = 'OtherRegion' THEN 'OtherRegion'
WHEN [RegionId] = 'PkgDesign' THEN 'PkgDesign'
WHEN [RegionId] = 'POD' THEN 'POD'
WHEN [RegionId] = 'PODRegion' THEN 'PODRegion'
WHEN [RegionId] = 'SalesInit' THEN 'SalesInit'
WHEN [RegionId] = 'Simpson' THEN 'Simpson'
WHEN [RegionId] = 'Small' THEN 'Small'
WHEN [RegionId] = 'Southeast' THEN 'Southeast'
WHEN [RegionId] = 'Southwest' THEN 'Southwest'
WHEN [RegionId] = 'Taylor' THEN 'Taylor'
WHEN [RegionId] = 'Texas' THEN 'Texas'
WHEN [RegionId] = 'Unknown' THEN 'Unknown'
WHEN [RegionId] = 'WinePak' THEN 'WinePak'
WHEN [RegionId] = 'Taipak_Reg' THEN 'Taipak_Reg'
WHEN [RegionId] = 'MNA_Reg' THEN 'MNA_Reg'
WHEN [RegionId] = 'PNW_Reg' THEN 'PNW_Reg'
WHEN [RegionId] = 'San_Fran_Reg' THEN 'San_Fran_Reg'
WHEN [RegionId] = 'Reg_CE' THEN 'Reg_CE'
WHEN [RegionId] = 'Reg_EU' THEN 'Reg_EU'
WHEN [RegionId] = 'Reg_MME' THEN 'Reg_MME'
WHEN [RegionId] = 'Reg_MNA' THEN 'Reg_MNA'
WHEN [RegionId] = 'Reg_MS' THEN 'Reg_MS'
WHEN [RegionId] = 'Reg_MW' THEN 'Reg_MW'
WHEN [RegionId] = 'Reg_NE' THEN 'Reg_NE'
WHEN [RegionId] = 'Reg_Other' THEN 'Reg_Other'
WHEN [RegionId] = 'Reg_PNW' THEN 'Reg_PNW'
WHEN [RegionId] = 'Reg_POD' THEN 'Reg_POD'
WHEN [RegionId] = 'Reg_SE' THEN 'Reg_SE'
WHEN [RegionId] = 'Reg_SF' THEN 'Reg_SF'
WHEN [RegionId] = 'Reg_SW' THEN 'Reg_SW'
WHEN [RegionId] = 'Reg_Taipak' THEN 'Reg_Taipak'
WHEN [RegionId] = 'Reg_TX' THEN 'Reg_TX'
WHEN [RegionId] = 'Reg_CW' THEN 'Reg_CW'
WHEN [RegionId] = 'Reg_MX' THEN 'Reg_MX'
WHEN [RegionId] = 'Reg_WP' THEN 'Reg_WP'
WHEN [RegionId] = 'Reg_PkgAll' THEN 'Reg_PkgAll'
END [SecurityRegionID]
,[RegionDescription],[CreatedDate],[CreatedBy],[UpdatedDate],[UpdatedBy],[IsActive]
FROM [Invoicing].[dbo].[DimRegion]
Vision and Scope Document | SSAS Prototype, Row Level Security (RLS)
© AIM Business Driven Data Solutions, 2019 Page 9 of 9

More Related Content

What's hot

StreamCentral Technical Overview
StreamCentral Technical OverviewStreamCentral Technical Overview
StreamCentral Technical Overview
Raheel Retiwalla
 
Big Data and BI Tools - BI Reporting for Bay Area Startups User Group
Big Data and BI Tools - BI Reporting for Bay Area Startups User GroupBig Data and BI Tools - BI Reporting for Bay Area Startups User Group
Big Data and BI Tools - BI Reporting for Bay Area Startups User Group
Scott Mitchell
 
M 94 4
M 94 4M 94 4
Building Modern Data Platform with AWS
Building Modern Data Platform with AWSBuilding Modern Data Platform with AWS
Building Modern Data Platform with AWS
Dmitry Anoshin
 
2 data warehouse life cycle golfarelli
2 data warehouse life cycle golfarelli2 data warehouse life cycle golfarelli
2 data warehouse life cycle golfarelli
truongthuthuy47
 
BI Masterclass slides (Reference Architecture v3)
BI Masterclass slides (Reference Architecture v3)BI Masterclass slides (Reference Architecture v3)
BI Masterclass slides (Reference Architecture v3)
Syaifuddin Ismail
 
Implementing bi in proof of concept techniques
Implementing bi in proof of concept techniquesImplementing bi in proof of concept techniques
Implementing bi in proof of concept techniques
Ranjith Ramanan
 
MicroStrategy Design Challenges - Tips and Best Practices
MicroStrategy Design Challenges - Tips and Best PracticesMicroStrategy Design Challenges - Tips and Best Practices
MicroStrategy Design Challenges - Tips and Best Practices
BiBoard.Org
 
Graph Analytics
Graph AnalyticsGraph Analytics
Graph Analytics
Khalid Salama
 
Data Warehouse 101
Data Warehouse 101Data Warehouse 101
Data Warehouse 101
PanaEk Warawit
 
Tapdata Product Intro
Tapdata Product IntroTapdata Product Intro
Tapdata Product Intro
Tapdata
 
MicroStrategy - Effective Business Dashboards
MicroStrategy - Effective Business DashboardsMicroStrategy - Effective Business Dashboards
MicroStrategy - Effective Business Dashboards
MicroStrategy Nederland
 
IRJET- Data Analytics & Visualization using Qlik
IRJET- Data Analytics & Visualization using QlikIRJET- Data Analytics & Visualization using Qlik
IRJET- Data Analytics & Visualization using Qlik
IRJET Journal
 
SAP BW vs Teradat; A White Paper
SAP BW vs Teradat; A White PaperSAP BW vs Teradat; A White Paper
SAP BW vs Teradat; A White Paper
Vipul Neema
 
SMAC - Social, Mobile, Analytics and Cloud - An overview
SMAC - Social, Mobile, Analytics and Cloud - An overview SMAC - Social, Mobile, Analytics and Cloud - An overview
SMAC - Social, Mobile, Analytics and Cloud - An overview
Rajesh Menon
 
Bi an ia with sap sybase power designer
Bi an ia with sap sybase power designerBi an ia with sap sybase power designer
Bi an ia with sap sybase power designer
Jane Kitabayashi
 
Data Warehouse Cloud - Das Ende von SAP BW?
Data Warehouse Cloud - Das Ende von SAP BW?Data Warehouse Cloud - Das Ende von SAP BW?
Data Warehouse Cloud - Das Ende von SAP BW?
ISR Information Products AG
 
MicroStrategy 9 - Extending Business Intelligence
MicroStrategy 9 - Extending Business IntelligenceMicroStrategy 9 - Extending Business Intelligence
MicroStrategy 9 - Extending Business Intelligence
MicroStrategy Nederland
 

What's hot (18)

StreamCentral Technical Overview
StreamCentral Technical OverviewStreamCentral Technical Overview
StreamCentral Technical Overview
 
Big Data and BI Tools - BI Reporting for Bay Area Startups User Group
Big Data and BI Tools - BI Reporting for Bay Area Startups User GroupBig Data and BI Tools - BI Reporting for Bay Area Startups User Group
Big Data and BI Tools - BI Reporting for Bay Area Startups User Group
 
M 94 4
M 94 4M 94 4
M 94 4
 
Building Modern Data Platform with AWS
Building Modern Data Platform with AWSBuilding Modern Data Platform with AWS
Building Modern Data Platform with AWS
 
2 data warehouse life cycle golfarelli
2 data warehouse life cycle golfarelli2 data warehouse life cycle golfarelli
2 data warehouse life cycle golfarelli
 
BI Masterclass slides (Reference Architecture v3)
BI Masterclass slides (Reference Architecture v3)BI Masterclass slides (Reference Architecture v3)
BI Masterclass slides (Reference Architecture v3)
 
Implementing bi in proof of concept techniques
Implementing bi in proof of concept techniquesImplementing bi in proof of concept techniques
Implementing bi in proof of concept techniques
 
MicroStrategy Design Challenges - Tips and Best Practices
MicroStrategy Design Challenges - Tips and Best PracticesMicroStrategy Design Challenges - Tips and Best Practices
MicroStrategy Design Challenges - Tips and Best Practices
 
Graph Analytics
Graph AnalyticsGraph Analytics
Graph Analytics
 
Data Warehouse 101
Data Warehouse 101Data Warehouse 101
Data Warehouse 101
 
Tapdata Product Intro
Tapdata Product IntroTapdata Product Intro
Tapdata Product Intro
 
MicroStrategy - Effective Business Dashboards
MicroStrategy - Effective Business DashboardsMicroStrategy - Effective Business Dashboards
MicroStrategy - Effective Business Dashboards
 
IRJET- Data Analytics & Visualization using Qlik
IRJET- Data Analytics & Visualization using QlikIRJET- Data Analytics & Visualization using Qlik
IRJET- Data Analytics & Visualization using Qlik
 
SAP BW vs Teradat; A White Paper
SAP BW vs Teradat; A White PaperSAP BW vs Teradat; A White Paper
SAP BW vs Teradat; A White Paper
 
SMAC - Social, Mobile, Analytics and Cloud - An overview
SMAC - Social, Mobile, Analytics and Cloud - An overview SMAC - Social, Mobile, Analytics and Cloud - An overview
SMAC - Social, Mobile, Analytics and Cloud - An overview
 
Bi an ia with sap sybase power designer
Bi an ia with sap sybase power designerBi an ia with sap sybase power designer
Bi an ia with sap sybase power designer
 
Data Warehouse Cloud - Das Ende von SAP BW?
Data Warehouse Cloud - Das Ende von SAP BW?Data Warehouse Cloud - Das Ende von SAP BW?
Data Warehouse Cloud - Das Ende von SAP BW?
 
MicroStrategy 9 - Extending Business Intelligence
MicroStrategy 9 - Extending Business IntelligenceMicroStrategy 9 - Extending Business Intelligence
MicroStrategy 9 - Extending Business Intelligence
 

Similar to SSAS RLS Prototype | Vision and Scope Document

BI Environment Technical Analysis
BI Environment Technical AnalysisBI Environment Technical Analysis
BI Environment Technical Analysis
Ryan Casey
 
Agile IT: Filling in the Gaps in the Azure vs. AWS debate
Agile IT: Filling in the Gaps in the Azure vs. AWS debateAgile IT: Filling in the Gaps in the Azure vs. AWS debate
Agile IT: Filling in the Gaps in the Azure vs. AWS debate
Joel Brda
 
Microsoft azure architect design exam code az-301
Microsoft azure architect design   exam code az-301Microsoft azure architect design   exam code az-301
Microsoft azure architect design exam code az-301
Zabeel Institute
 
Common Service and Common Data Model by Henry McCallum
Common Service and Common Data Model by Henry McCallumCommon Service and Common Data Model by Henry McCallum
Common Service and Common Data Model by Henry McCallum
KTL Solutions
 
Software as Service
Software as ServiceSoftware as Service
Software as Service
abhigad
 
Your practical reference guide to build an stream analytics solution
Your practical reference guide to build an stream analytics solutionYour practical reference guide to build an stream analytics solution
Your practical reference guide to build an stream analytics solution
Jesus Rodriguez
 
AWS Summit Singapore - Managing a Database Migration Project | Best Practices
AWS Summit Singapore - Managing a Database Migration Project | Best PracticesAWS Summit Singapore - Managing a Database Migration Project | Best Practices
AWS Summit Singapore - Managing a Database Migration Project | Best Practices
Amazon Web Services
 
How to build, manage and operate a successful saas business
How to build, manage and operate a successful saas businessHow to build, manage and operate a successful saas business
How to build, manage and operate a successful saas business
kanimozhin
 
Recipe for successful saas company part 1
Recipe for successful saas company part 1Recipe for successful saas company part 1
Recipe for successful saas company part 1
kanimozhin
 
Recipe for Successful SaaS Company - Part 1
Recipe for Successful SaaS Company - Part 1Recipe for Successful SaaS Company - Part 1
Recipe for Successful SaaS Company - Part 1
Techcello
 
Benchmark Showdown: Which Relational Database is the Fastest on AWS?
Benchmark Showdown: Which Relational Database is the Fastest on AWS?Benchmark Showdown: Which Relational Database is the Fastest on AWS?
Benchmark Showdown: Which Relational Database is the Fastest on AWS?
Clustrix
 
Data Lakes and Analytics Dow Jones - AWS FS Cloud Symposium Apr 2019.pdf
Data Lakes and Analytics Dow Jones - AWS FS Cloud Symposium Apr 2019.pdfData Lakes and Analytics Dow Jones - AWS FS Cloud Symposium Apr 2019.pdf
Data Lakes and Analytics Dow Jones - AWS FS Cloud Symposium Apr 2019.pdf
Amazon Web Services
 
AWS Summit Singapore Webinar Edition | Architecting a Serverless Data Lake on...
AWS Summit Singapore Webinar Edition | Architecting a Serverless Data Lake on...AWS Summit Singapore Webinar Edition | Architecting a Serverless Data Lake on...
AWS Summit Singapore Webinar Edition | Architecting a Serverless Data Lake on...
Amazon Web Services
 
Dynamics ax 2012 development overview
Dynamics ax 2012 development overviewDynamics ax 2012 development overview
Dynamics ax 2012 development overview
Ali Raza Zaidi
 
Canadian Experts Discuss Modern Data Stacks and Cloud Computing for 5 Years o...
Canadian Experts Discuss Modern Data Stacks and Cloud Computing for 5 Years o...Canadian Experts Discuss Modern Data Stacks and Cloud Computing for 5 Years o...
Canadian Experts Discuss Modern Data Stacks and Cloud Computing for 5 Years o...
Daniel Zivkovic
 
0.3 aim phases_and_documentations
0.3 aim phases_and_documentations0.3 aim phases_and_documentations
0.3 aim phases_and_documentations
Oracle HRMS Functional Consultant
 
Deep architectural competency for deploying azure solutions
Deep architectural competency for deploying azure solutionsDeep architectural competency for deploying azure solutions
Deep architectural competency for deploying azure solutions
Synergetics Learning and Cloud Consulting
 
Agile Methodology Approach to SSRS Reporting
Agile Methodology Approach to SSRS ReportingAgile Methodology Approach to SSRS Reporting
Agile Methodology Approach to SSRS Reporting
Danielson Samuel
 
BrianMiller CV short 2015
BrianMiller CV short 2015BrianMiller CV short 2015
BrianMiller CV short 2015
Brian Miller
 
Les DSI face au Tsunami Cloud
Les DSI face au Tsunami Cloud Les DSI face au Tsunami Cloud
Les DSI face au Tsunami Cloud
Club Alliances
 

Similar to SSAS RLS Prototype | Vision and Scope Document (20)

BI Environment Technical Analysis
BI Environment Technical AnalysisBI Environment Technical Analysis
BI Environment Technical Analysis
 
Agile IT: Filling in the Gaps in the Azure vs. AWS debate
Agile IT: Filling in the Gaps in the Azure vs. AWS debateAgile IT: Filling in the Gaps in the Azure vs. AWS debate
Agile IT: Filling in the Gaps in the Azure vs. AWS debate
 
Microsoft azure architect design exam code az-301
Microsoft azure architect design   exam code az-301Microsoft azure architect design   exam code az-301
Microsoft azure architect design exam code az-301
 
Common Service and Common Data Model by Henry McCallum
Common Service and Common Data Model by Henry McCallumCommon Service and Common Data Model by Henry McCallum
Common Service and Common Data Model by Henry McCallum
 
Software as Service
Software as ServiceSoftware as Service
Software as Service
 
Your practical reference guide to build an stream analytics solution
Your practical reference guide to build an stream analytics solutionYour practical reference guide to build an stream analytics solution
Your practical reference guide to build an stream analytics solution
 
AWS Summit Singapore - Managing a Database Migration Project | Best Practices
AWS Summit Singapore - Managing a Database Migration Project | Best PracticesAWS Summit Singapore - Managing a Database Migration Project | Best Practices
AWS Summit Singapore - Managing a Database Migration Project | Best Practices
 
How to build, manage and operate a successful saas business
How to build, manage and operate a successful saas businessHow to build, manage and operate a successful saas business
How to build, manage and operate a successful saas business
 
Recipe for successful saas company part 1
Recipe for successful saas company part 1Recipe for successful saas company part 1
Recipe for successful saas company part 1
 
Recipe for Successful SaaS Company - Part 1
Recipe for Successful SaaS Company - Part 1Recipe for Successful SaaS Company - Part 1
Recipe for Successful SaaS Company - Part 1
 
Benchmark Showdown: Which Relational Database is the Fastest on AWS?
Benchmark Showdown: Which Relational Database is the Fastest on AWS?Benchmark Showdown: Which Relational Database is the Fastest on AWS?
Benchmark Showdown: Which Relational Database is the Fastest on AWS?
 
Data Lakes and Analytics Dow Jones - AWS FS Cloud Symposium Apr 2019.pdf
Data Lakes and Analytics Dow Jones - AWS FS Cloud Symposium Apr 2019.pdfData Lakes and Analytics Dow Jones - AWS FS Cloud Symposium Apr 2019.pdf
Data Lakes and Analytics Dow Jones - AWS FS Cloud Symposium Apr 2019.pdf
 
AWS Summit Singapore Webinar Edition | Architecting a Serverless Data Lake on...
AWS Summit Singapore Webinar Edition | Architecting a Serverless Data Lake on...AWS Summit Singapore Webinar Edition | Architecting a Serverless Data Lake on...
AWS Summit Singapore Webinar Edition | Architecting a Serverless Data Lake on...
 
Dynamics ax 2012 development overview
Dynamics ax 2012 development overviewDynamics ax 2012 development overview
Dynamics ax 2012 development overview
 
Canadian Experts Discuss Modern Data Stacks and Cloud Computing for 5 Years o...
Canadian Experts Discuss Modern Data Stacks and Cloud Computing for 5 Years o...Canadian Experts Discuss Modern Data Stacks and Cloud Computing for 5 Years o...
Canadian Experts Discuss Modern Data Stacks and Cloud Computing for 5 Years o...
 
0.3 aim phases_and_documentations
0.3 aim phases_and_documentations0.3 aim phases_and_documentations
0.3 aim phases_and_documentations
 
Deep architectural competency for deploying azure solutions
Deep architectural competency for deploying azure solutionsDeep architectural competency for deploying azure solutions
Deep architectural competency for deploying azure solutions
 
Agile Methodology Approach to SSRS Reporting
Agile Methodology Approach to SSRS ReportingAgile Methodology Approach to SSRS Reporting
Agile Methodology Approach to SSRS Reporting
 
BrianMiller CV short 2015
BrianMiller CV short 2015BrianMiller CV short 2015
BrianMiller CV short 2015
 
Les DSI face au Tsunami Cloud
Les DSI face au Tsunami Cloud Les DSI face au Tsunami Cloud
Les DSI face au Tsunami Cloud
 

Recently uploaded

Build applications with generative AI on Google Cloud
Build applications with generative AI on Google CloudBuild applications with generative AI on Google Cloud
Build applications with generative AI on Google Cloud
Márton Kodok
 
Template xxxxxxxx ssssssssssss Sertifikat.pptx
Template xxxxxxxx ssssssssssss Sertifikat.pptxTemplate xxxxxxxx ssssssssssss Sertifikat.pptx
Template xxxxxxxx ssssssssssss Sertifikat.pptx
TeukuEriSyahputra
 
Orchestrating the Future: Navigating Today's Data Workflow Challenges with Ai...
Orchestrating the Future: Navigating Today's Data Workflow Challenges with Ai...Orchestrating the Future: Navigating Today's Data Workflow Challenges with Ai...
Orchestrating the Future: Navigating Today's Data Workflow Challenges with Ai...
Kaxil Naik
 
一比一原版卡尔加里大学毕业证(uc毕业证)如何办理
一比一原版卡尔加里大学毕业证(uc毕业证)如何办理一比一原版卡尔加里大学毕业证(uc毕业证)如何办理
一比一原版卡尔加里大学毕业证(uc毕业证)如何办理
oaxefes
 
原版一比一爱尔兰都柏林大学毕业证(UCD毕业证书)如何办理
原版一比一爱尔兰都柏林大学毕业证(UCD毕业证书)如何办理 原版一比一爱尔兰都柏林大学毕业证(UCD毕业证书)如何办理
原版一比一爱尔兰都柏林大学毕业证(UCD毕业证书)如何办理
tzu5xla
 
[VCOSA] Monthly Report - Cotton & Yarn Statistics March 2024
[VCOSA] Monthly Report - Cotton & Yarn Statistics March 2024[VCOSA] Monthly Report - Cotton & Yarn Statistics March 2024
[VCOSA] Monthly Report - Cotton & Yarn Statistics March 2024
Vietnam Cotton & Spinning Association
 
4th Modern Marketing Reckoner by MMA Global India & Group M: 60+ experts on W...
4th Modern Marketing Reckoner by MMA Global India & Group M: 60+ experts on W...4th Modern Marketing Reckoner by MMA Global India & Group M: 60+ experts on W...
4th Modern Marketing Reckoner by MMA Global India & Group M: 60+ experts on W...
Social Samosa
 
Cell The Unit of Life for NEET Multiple Choice Questions.docx
Cell The Unit of Life for NEET Multiple Choice Questions.docxCell The Unit of Life for NEET Multiple Choice Questions.docx
Cell The Unit of Life for NEET Multiple Choice Questions.docx
vasanthatpuram
 
DSSML24_tspann_CodelessGenerativeAIPipelines
DSSML24_tspann_CodelessGenerativeAIPipelinesDSSML24_tspann_CodelessGenerativeAIPipelines
DSSML24_tspann_CodelessGenerativeAIPipelines
Timothy Spann
 
一比一原版兰加拉学院毕业证(Langara毕业证书)学历如何办理
一比一原版兰加拉学院毕业证(Langara毕业证书)学历如何办理一比一原版兰加拉学院毕业证(Langara毕业证书)学历如何办理
一比一原版兰加拉学院毕业证(Langara毕业证书)学历如何办理
hyfjgavov
 
一比一原版多伦多大学毕业证(UofT毕业证书)学历如何办理
一比一原版多伦多大学毕业证(UofT毕业证书)学历如何办理一比一原版多伦多大学毕业证(UofT毕业证书)学历如何办理
一比一原版多伦多大学毕业证(UofT毕业证书)学历如何办理
eoxhsaa
 
一比一原版澳洲西澳大学毕业证(uwa毕业证书)如何办理
一比一原版澳洲西澳大学毕业证(uwa毕业证书)如何办理一比一原版澳洲西澳大学毕业证(uwa毕业证书)如何办理
一比一原版澳洲西澳大学毕业证(uwa毕业证书)如何办理
aguty
 
Predictably Improve Your B2B Tech Company's Performance by Leveraging Data
Predictably Improve Your B2B Tech Company's Performance by Leveraging DataPredictably Improve Your B2B Tech Company's Performance by Leveraging Data
Predictably Improve Your B2B Tech Company's Performance by Leveraging Data
Kiwi Creative
 
一比一原版(harvard毕业证书)哈佛大学毕业证如何办理
一比一原版(harvard毕业证书)哈佛大学毕业证如何办理一比一原版(harvard毕业证书)哈佛大学毕业证如何办理
一比一原版(harvard毕业证书)哈佛大学毕业证如何办理
taqyea
 
一比一原版爱尔兰都柏林大学毕业证(本硕)ucd学位证书如何办理
一比一原版爱尔兰都柏林大学毕业证(本硕)ucd学位证书如何办理一比一原版爱尔兰都柏林大学毕业证(本硕)ucd学位证书如何办理
一比一原版爱尔兰都柏林大学毕业证(本硕)ucd学位证书如何办理
hqfek
 
一比一原版(Sheffield毕业证书)谢菲尔德大学毕业证如何办理
一比一原版(Sheffield毕业证书)谢菲尔德大学毕业证如何办理一比一原版(Sheffield毕业证书)谢菲尔德大学毕业证如何办理
一比一原版(Sheffield毕业证书)谢菲尔德大学毕业证如何办理
1tyxnjpia
 
Jio cinema Retention & Engagement Strategy.pdf
Jio cinema Retention & Engagement Strategy.pdfJio cinema Retention & Engagement Strategy.pdf
Jio cinema Retention & Engagement Strategy.pdf
inaya7568
 
一比一原版格里菲斯大学毕业证(Griffith毕业证书)学历如何办理
一比一原版格里菲斯大学毕业证(Griffith毕业证书)学历如何办理一比一原版格里菲斯大学毕业证(Griffith毕业证书)学历如何办理
一比一原版格里菲斯大学毕业证(Griffith毕业证书)学历如何办理
lzdvtmy8
 
Building a Quantum Computer Neutral Atom.pdf
Building a Quantum Computer Neutral Atom.pdfBuilding a Quantum Computer Neutral Atom.pdf
Building a Quantum Computer Neutral Atom.pdf
cjimenez2581
 
End-to-end pipeline agility - Berlin Buzzwords 2024
End-to-end pipeline agility - Berlin Buzzwords 2024End-to-end pipeline agility - Berlin Buzzwords 2024
End-to-end pipeline agility - Berlin Buzzwords 2024
Lars Albertsson
 

Recently uploaded (20)

Build applications with generative AI on Google Cloud
Build applications with generative AI on Google CloudBuild applications with generative AI on Google Cloud
Build applications with generative AI on Google Cloud
 
Template xxxxxxxx ssssssssssss Sertifikat.pptx
Template xxxxxxxx ssssssssssss Sertifikat.pptxTemplate xxxxxxxx ssssssssssss Sertifikat.pptx
Template xxxxxxxx ssssssssssss Sertifikat.pptx
 
Orchestrating the Future: Navigating Today's Data Workflow Challenges with Ai...
Orchestrating the Future: Navigating Today's Data Workflow Challenges with Ai...Orchestrating the Future: Navigating Today's Data Workflow Challenges with Ai...
Orchestrating the Future: Navigating Today's Data Workflow Challenges with Ai...
 
一比一原版卡尔加里大学毕业证(uc毕业证)如何办理
一比一原版卡尔加里大学毕业证(uc毕业证)如何办理一比一原版卡尔加里大学毕业证(uc毕业证)如何办理
一比一原版卡尔加里大学毕业证(uc毕业证)如何办理
 
原版一比一爱尔兰都柏林大学毕业证(UCD毕业证书)如何办理
原版一比一爱尔兰都柏林大学毕业证(UCD毕业证书)如何办理 原版一比一爱尔兰都柏林大学毕业证(UCD毕业证书)如何办理
原版一比一爱尔兰都柏林大学毕业证(UCD毕业证书)如何办理
 
[VCOSA] Monthly Report - Cotton & Yarn Statistics March 2024
[VCOSA] Monthly Report - Cotton & Yarn Statistics March 2024[VCOSA] Monthly Report - Cotton & Yarn Statistics March 2024
[VCOSA] Monthly Report - Cotton & Yarn Statistics March 2024
 
4th Modern Marketing Reckoner by MMA Global India & Group M: 60+ experts on W...
4th Modern Marketing Reckoner by MMA Global India & Group M: 60+ experts on W...4th Modern Marketing Reckoner by MMA Global India & Group M: 60+ experts on W...
4th Modern Marketing Reckoner by MMA Global India & Group M: 60+ experts on W...
 
Cell The Unit of Life for NEET Multiple Choice Questions.docx
Cell The Unit of Life for NEET Multiple Choice Questions.docxCell The Unit of Life for NEET Multiple Choice Questions.docx
Cell The Unit of Life for NEET Multiple Choice Questions.docx
 
DSSML24_tspann_CodelessGenerativeAIPipelines
DSSML24_tspann_CodelessGenerativeAIPipelinesDSSML24_tspann_CodelessGenerativeAIPipelines
DSSML24_tspann_CodelessGenerativeAIPipelines
 
一比一原版兰加拉学院毕业证(Langara毕业证书)学历如何办理
一比一原版兰加拉学院毕业证(Langara毕业证书)学历如何办理一比一原版兰加拉学院毕业证(Langara毕业证书)学历如何办理
一比一原版兰加拉学院毕业证(Langara毕业证书)学历如何办理
 
一比一原版多伦多大学毕业证(UofT毕业证书)学历如何办理
一比一原版多伦多大学毕业证(UofT毕业证书)学历如何办理一比一原版多伦多大学毕业证(UofT毕业证书)学历如何办理
一比一原版多伦多大学毕业证(UofT毕业证书)学历如何办理
 
一比一原版澳洲西澳大学毕业证(uwa毕业证书)如何办理
一比一原版澳洲西澳大学毕业证(uwa毕业证书)如何办理一比一原版澳洲西澳大学毕业证(uwa毕业证书)如何办理
一比一原版澳洲西澳大学毕业证(uwa毕业证书)如何办理
 
Predictably Improve Your B2B Tech Company's Performance by Leveraging Data
Predictably Improve Your B2B Tech Company's Performance by Leveraging DataPredictably Improve Your B2B Tech Company's Performance by Leveraging Data
Predictably Improve Your B2B Tech Company's Performance by Leveraging Data
 
一比一原版(harvard毕业证书)哈佛大学毕业证如何办理
一比一原版(harvard毕业证书)哈佛大学毕业证如何办理一比一原版(harvard毕业证书)哈佛大学毕业证如何办理
一比一原版(harvard毕业证书)哈佛大学毕业证如何办理
 
一比一原版爱尔兰都柏林大学毕业证(本硕)ucd学位证书如何办理
一比一原版爱尔兰都柏林大学毕业证(本硕)ucd学位证书如何办理一比一原版爱尔兰都柏林大学毕业证(本硕)ucd学位证书如何办理
一比一原版爱尔兰都柏林大学毕业证(本硕)ucd学位证书如何办理
 
一比一原版(Sheffield毕业证书)谢菲尔德大学毕业证如何办理
一比一原版(Sheffield毕业证书)谢菲尔德大学毕业证如何办理一比一原版(Sheffield毕业证书)谢菲尔德大学毕业证如何办理
一比一原版(Sheffield毕业证书)谢菲尔德大学毕业证如何办理
 
Jio cinema Retention & Engagement Strategy.pdf
Jio cinema Retention & Engagement Strategy.pdfJio cinema Retention & Engagement Strategy.pdf
Jio cinema Retention & Engagement Strategy.pdf
 
一比一原版格里菲斯大学毕业证(Griffith毕业证书)学历如何办理
一比一原版格里菲斯大学毕业证(Griffith毕业证书)学历如何办理一比一原版格里菲斯大学毕业证(Griffith毕业证书)学历如何办理
一比一原版格里菲斯大学毕业证(Griffith毕业证书)学历如何办理
 
Building a Quantum Computer Neutral Atom.pdf
Building a Quantum Computer Neutral Atom.pdfBuilding a Quantum Computer Neutral Atom.pdf
Building a Quantum Computer Neutral Atom.pdf
 
End-to-end pipeline agility - Berlin Buzzwords 2024
End-to-end pipeline agility - Berlin Buzzwords 2024End-to-end pipeline agility - Berlin Buzzwords 2024
End-to-end pipeline agility - Berlin Buzzwords 2024
 

SSAS RLS Prototype | Vision and Scope Document

  • 1. Vision and Scope Document | SSAS Prototype Row Level Security (RLS) Version 1.0
  • 2. Vision and Scope Document | SSAS Prototype, Row Level Security (RLS) © AIM Business Driven Data Solutions, 2019 Page 2 of 9 Vision Pam Lehmann and Brian Leslie have identified a need to provide Row Level Security (RLS) a Microsoft Application (SQL Server Analysis Services [SSAS]) to service new and existing Sales, Finance, and Operations reports. The source for these reports originate from TricorBraun’s ERP system Microsoft Dynamics 365. There are two Dynamics 365 applications that are currently being considered as sources for this initiative. These Dynamics 365 applications are Sales (CRM) and Finance and Operations. Below are the identified Executive Leadership and Stakeholders from TricorBraun: • Jeff Douglas, VP Sales Effectiveness • Bill Stultz, VP of Finance for System’s Controller, Finance (Executive Champion) • Dave Duxbury, VP of Operations, GSC – Logistics (Executive Champion) • Doug Bolen, Chief Information Officer • Pam Lehmann, Director, Applications, IT • Brain Leslie, Senior Reporting Analyst, IT • Donovan Foster, IT Consultant, PMO, IT • Sarah Thomason, Project Manager • Mike Lang, Consultant - RSM Due to the complexity of this initiative, it has been decided to complete an Azure Analysis Services RLS Prototype before we complete the final, expanded Vision Scope Document and the final Design Document. This Vision Scope Document is of limited scope just for the prototype. As the team at TricorBraun identify and finalize the expanded scope, we will document and append to an Expanded Vision Scope Document intended for the final design and development, not the prototype. It has been decided to use the existing Invoicing Data Mart as our source for the prototype mentioned above. We will be using one (1) existing fact table (FactInvoiceDetail) along with twenty-five (25) existing dimensions. The number of dimensions for this prototype should be reduced to the minimal dimensions required to accomplish the goals of the prototype. Since there are no usable Power BI reports to use to test the Azure Analysis Services RLS prototype, a simple test Power BI report will be created for testing purposes. To accompany this Vision Scope Document (limited scope), we will be conducting a Data Discovery and Analysis that will include a Bus Matrix and Conceptual Models to illustrate the design of the SSAS RLS prototype design pattern being applied to the Invoicing Data Mart. It has been decided that this prototype will apply Azure Analysis Services RLS against the Division, Region, and Customer dimensions. Approach The Azure Analysis Services RLS prototype will require multiple test personas (AD Users) that belong to AD Groups. These AD Groups should represent persona roles for entire company, division, region, branch, and customer. The AD Security Groups need to be created with a UPN to be used with Azure Analysis Services. Azure Analysis Services and Visual Studio 2017 will be used to develop the RLS prototype. The prototype requires us to implement a custom security schema where user roles and the user's place in the organization are used to determine which divisions, regions, and customers a user can access. The prototype will use a user security table and a security bridge table to apply RLS to the user's place in the organization for only one (1) of the following: divisions, regions, or customers for any given user. Our goal for these prototypes is to apply RLS to the most common security scenario, not the exceptions. We have agreed to the idea that the prototypes should target the 80/20 business rule.
  • 3. Vision and Scope Document | SSAS Prototype, Row Level Security (RLS) © AIM Business Driven Data Solutions, 2019 Page 3 of 9 Deliverables Azure Analysis Services RLS has one (1) deliverable: • Development RLS Prototype for Azure Analysis Services Start Date: TBD End Date: TBD o Multiple personas plus Business User Personas o A complex security model using customer dimension (dimension to apply RLS), a bridge table, and a User (contains User Login ID and AD Group Name) table. This design uses Bi-Directional Cross Filtering & support Direct Query o Uses dynamic row level security filters o Uses production data for three (3) business defined security dimension (Division, Region, and Customer) o Manual process to load the security bridge table and the security User table with test data (minimal rows) o 1 Simple, Test Power BI Report to Test SSAS RLS Clarifications These are the clarification for the RLS project: • The business and IT teams will develop and maintain three (3) business defined division, region, & customer dimensions • The business and IT teams will develop and maintain three (3) security bridge tables and ETL for these Bridge tables • The business and IT teams will develop and maintain one (1) security User table and ETL for this User table • The business and IT teams will develop and maintain one (3) security User views (division, region, & customer) • The business and IT teams will maintain (after initial development) four (4+) SSAS Roles o SSAS Roles for Division, Region, Customer, and Total Company • The business and IT teams will develop and maintain one (1) Invoice Star Schema and ETL for that Star Schema • The Power BI (SSAS) prototype and development for RLS will use the division, region, and customer dimensions (dimensions to apply RLS), a bridge table, and a User (contains User Login ID and AD Group Name) table. This deliverable uses Bi-Directional Cross Filtering and will support direct query. • A simple, test Power BI report to test SSAS RLS (1 Fact and no more than 5 dimensions) will be created. Anything more complex will be up to the business and IT teams to develop, unless additional time is provided for such development • Effort estimates are based on 100% resource utilization. Sprints with less than 100% resource utilization, unplanned maintenance, or non-concurrent development blocks of time may result in increased timelines and end dates. How to get the Job Done We will be using the following processes and tools to complete this project and deliverables: • Azure DevOps (VSTS) • Team Foundation Services, or Git (TBD), since both are used at TricorBraun for Source Control and Change Management • We are limiting the work-in-progress by using properly planned deliverables • PBIs, Tasks, and Kanban Boards will be used as part of Azure DevOps (VSTS) o Product backlog o Tasks o Weekly PowerPoint Updates o Sprints are not used at TricorBraun • A scope change log for this document will be used to manage change in an Agile fashion o Name o Description (Impact) o Version o Requested By o Approved By o Date
  • 4. Vision and Scope Document | SSAS Prototype, Row Level Security (RLS) © AIM Business Driven Data Solutions, 2019 Page 4 of 9 Change Log Name Description (Impact) Version Requested By Approved By Date
  • 5. Vision and Scope Document | SSAS Prototype, Row Level Security (RLS) © AIM Business Driven Data Solutions, 2019 Page 5 of 9 Appendix A | Azure Analysis Services, RLS Security Model The RLS prototype and development use a complex security model using division, region, and customer dimensions (dimensions to apply RLS), bridge tables, and User (contains User Login ID and AD Group Name) tables / views. Invoice Detail Customer Date Branch Division Region Customer_Group Bridge Customer User (AD User Name AD Group) Bi-Directional Cross Filter Division_Group Bridge Division User (AD User Name AD Group) Region_Group Bridge Region User (AD User Name AD Group) Bi-Directional Cross Filter Bi-Directional Cross Filter Tricor Braun SSAS Security Model (RLS) =USERNAME(Division User[AD User Name]) DAX Security Filter Example =USERNAME(Division User[AD User Name]) DAX Security Filter Example Invoice Detail Customer Date Branch Division Region Customer_Group Bridge Customer User (AD User Name AD Group) Bi-Directional Cross Filter Division_Group Bridge Division User (AD User Name AD Group) Region_Group Bridge Region User (AD User Name AD Group) Bi-Directional Cross Filter Bi-Directional Cross Filter Tricor Braun SSAS Security Model (RLS) =USERNAME(Division User[AD User Name]) DAX Security Filter Example * Note: Model is a subset of the actual dimensions to demonstrate how the new security tables integrate with the existing model.
  • 6. Vision and Scope Document | SSAS Prototype, Row Level Security (RLS) © AIM Business Driven Data Solutions, 2019 Page 6 of 9 Appendix B | DimDivision, Division Security Bridge and User Security Table Division Security BridgeDivision Security Bridge User SecurityUser Security DimDivisionDimDivision Fact Invoice DetailFact Invoice Detail Row Level Security | DimDivision, Division Security Bridge and User Security Table AD Group NameAD Group NamePKPK DivisonSecurityIDDivisonSecurityIDPKPK AD User NameAD User NamePKPK AD Group NameAD Group Name DivisionKeyDivisionKeyPKPK DivisionDescriptionDivisionDescription DivisionIDDivisionID DivisonSecurityIDDivisonSecurityID SortOrderSortOrder IsActiveIsActive CompanyKeyCompanyKeyPKPK DivisionKeyDivisionKeyPKPK RegionKeyRegionKeyPKPK BranchKeyBranchKeyPKPK Additional PKs...Additional PKs...PKPK attribute names...attribute names... ** Division Security ID is the current Division IDs Only (no history) Division Security Bridge User Security DimDivision Fact Invoice Detail Row Level Security | DimDivision, Division Security Bridge and User Security Table AD Group NamePK DivisonSecurityIDPK AD User NamePK AD Group Name DivisionKeyPK DivisionDescription DivisionID DivisonSecurityID SortOrder IsActive CompanyKeyPK DivisionKeyPK RegionKeyPK BranchKeyPK Additional PKs...PK attribute names... ** Division Security ID is the current Division IDs Only (no history) Division Security BridgeDivision Security Bridge User SecurityUser Security DimDivisionDimDivision Fact Invoice DetailFact Invoice Detail Row Level Security | DimDivision, Division Security Bridge and User Security Table AD User NameAD User NamePKPK DivisonSecurityIDDivisonSecurityIDPKPK AD User NameAD User NamePKPK DivisionKeyDivisionKeyPKPK DivisionDescriptionDivisionDescription DivisionIDDivisionID DivisonSecurityIDDivisonSecurityID SortOrderSortOrder IsActiveIsActive CompanyKeyCompanyKeyPKPK DivisionKeyDivisionKeyPKPK RegionKeyRegionKeyPKPK BranchKeyBranchKeyPKPK Additional PKs...Additional PKs...PKPK attribute names...attribute names... ** Division Security ID is the current Division IDs Only (no history) Division Security Bridge User Security DimDivision Fact Invoice Detail Row Level Security | DimDivision, Division Security Bridge and User Security Table AD User NamePK DivisonSecurityIDPK AD User NamePK DivisionKeyPK DivisionDescription DivisionID DivisonSecurityID SortOrder IsActive CompanyKeyPK DivisionKeyPK RegionKeyPK BranchKeyPK Additional PKs...PK attribute names... ** Division Security ID is the current Division IDs Only (no history)
  • 7. Vision and Scope Document | SSAS Prototype, Row Level Security (RLS) © AIM Business Driven Data Solutions, 2019 Page 7 of 9 Appendix C | Security Division ID -- [Invoicing].[dbo].[DimDivision] with SecurityDivisionID SELECT TOP (1000) [DivisionKey] ,[DivisionId] ,CASE WHEN [DivisionId] = 'Central' THEN 'Central' WHEN [DivisionId] = 'Div_CCE' THEN 'Div_CCE' WHEN [DivisionId] = 'Div_Intl' THEN 'Div_Intl' WHEN [DivisionId] = 'Div_MNA' THEN 'Div_MNA' WHEN [DivisionId] = 'Div_NE' THEN 'Div_NE' WHEN [DivisionId] = 'Div_NW' THEN 'Div_NW' WHEN [DivisionId] = 'Div_Other' THEN 'Div_Other' WHEN [DivisionId] = 'Div_PkgAll' THEN 'Div_PkgAll' WHEN [DivisionId] = 'Div_PNW' THEN 'Div_PNW' WHEN [DivisionId] = 'Div_SE' THEN 'Div_SE' WHEN [DivisionId] = 'Div_SW' THEN 'Div_SW' WHEN [DivisionId] = 'Div_Taipak' THEN 'Div_Taipak' WHEN [DivisionId] = 'Div_WP' THEN 'Div_WP' WHEN [DivisionId] = 'International' THEN 'International' WHEN [DivisionId] = 'Midwest' THEN 'Midwest' WHEN [DivisionId] = 'MNA_Div' THEN 'MNA_Div' WHEN [DivisionId] = 'Other' THEN 'Other' WHEN [DivisionId] = 'PNW_Div' THEN 'PNW_Div' WHEN [DivisionId] = 'Taipak_Div' THEN 'Taipak_Div' WHEN [DivisionId] = 'Unknown' THEN 'Unknown' WHEN [DivisionId] = 'West' THEN 'West' WHEN [DivisionId] = 'Wine' THEN 'Wine' END [SecurityDivisionID] ,[DivisionDescription] ,[CreatedDate] ,[CreatedBy] ,[UpdatedDate] ,[UpdatedBy] ,[SortOrder] ,[IsActive] FROM [Invoicing].[dbo].[DimDivision] ORDER BY [DivisionId]
  • 8. Vision and Scope Document | SSAS Prototype, Row Level Security (RLS) © AIM Business Driven Data Solutions, 2019 Page 8 of 9 Appendix D | Security Region ID -- [Invoicing].[dbo].[DimRegion] with SecurityRegionID-- SELECT TOP (1000) [RegionKey] ,[RegionId] ,CASE WHEN [RegionId] = 'Acedo' THEN 'Acedo' WHEN [RegionId] = 'Binkowski' THEN 'Binkowski' WHEN [RegionId] = 'Borras' THEN 'Borras' WHEN [RegionId] = 'Bottene' THEN 'Bottene' WHEN [RegionId] = 'Briggs' THEN 'Briggs' WHEN [RegionId] = 'Caldwell' THEN 'Caldwell' WHEN [RegionId] = 'Canada' THEN 'Canada' WHEN [RegionId] = 'Danheiser' THEN 'Danheiser' WHEN [RegionId] = 'Davis' THEN 'Davis' WHEN [RegionId] = 'DuClos' THEN 'DuClos' WHEN [RegionId] = 'Europe' THEN 'Europe' WHEN [RegionId] = 'Forbes' THEN 'Forbes' WHEN [RegionId] = 'Gibbs' THEN 'Gibbs' WHEN [RegionId] = 'Kliska' THEN 'Kliska' WHEN [RegionId] = 'Logue' THEN 'Logue' WHEN [RegionId] = 'Mexico' THEN 'Mexico' WHEN [RegionId] = 'MidAtlantic' THEN 'MidAtlantic' WHEN [RegionId] = 'MidMountain' THEN 'MidMountain' WHEN [RegionId] = 'MidSouth' THEN 'MidSouth' WHEN [RegionId] = 'Midwest' THEN 'Midwest' WHEN [RegionId] = 'Muster' THEN 'Muster' WHEN [RegionId] = 'Northeast' THEN 'Northeast' WHEN [RegionId] = 'Northwest' THEN 'Northwest' WHEN [RegionId] = 'Other' THEN 'Other' WHEN [RegionId] = 'OtherRegion' THEN 'OtherRegion' WHEN [RegionId] = 'PkgDesign' THEN 'PkgDesign' WHEN [RegionId] = 'POD' THEN 'POD' WHEN [RegionId] = 'PODRegion' THEN 'PODRegion' WHEN [RegionId] = 'SalesInit' THEN 'SalesInit' WHEN [RegionId] = 'Simpson' THEN 'Simpson' WHEN [RegionId] = 'Small' THEN 'Small' WHEN [RegionId] = 'Southeast' THEN 'Southeast' WHEN [RegionId] = 'Southwest' THEN 'Southwest' WHEN [RegionId] = 'Taylor' THEN 'Taylor' WHEN [RegionId] = 'Texas' THEN 'Texas' WHEN [RegionId] = 'Unknown' THEN 'Unknown' WHEN [RegionId] = 'WinePak' THEN 'WinePak' WHEN [RegionId] = 'Taipak_Reg' THEN 'Taipak_Reg' WHEN [RegionId] = 'MNA_Reg' THEN 'MNA_Reg' WHEN [RegionId] = 'PNW_Reg' THEN 'PNW_Reg' WHEN [RegionId] = 'San_Fran_Reg' THEN 'San_Fran_Reg' WHEN [RegionId] = 'Reg_CE' THEN 'Reg_CE' WHEN [RegionId] = 'Reg_EU' THEN 'Reg_EU' WHEN [RegionId] = 'Reg_MME' THEN 'Reg_MME' WHEN [RegionId] = 'Reg_MNA' THEN 'Reg_MNA' WHEN [RegionId] = 'Reg_MS' THEN 'Reg_MS' WHEN [RegionId] = 'Reg_MW' THEN 'Reg_MW' WHEN [RegionId] = 'Reg_NE' THEN 'Reg_NE' WHEN [RegionId] = 'Reg_Other' THEN 'Reg_Other' WHEN [RegionId] = 'Reg_PNW' THEN 'Reg_PNW' WHEN [RegionId] = 'Reg_POD' THEN 'Reg_POD' WHEN [RegionId] = 'Reg_SE' THEN 'Reg_SE' WHEN [RegionId] = 'Reg_SF' THEN 'Reg_SF' WHEN [RegionId] = 'Reg_SW' THEN 'Reg_SW' WHEN [RegionId] = 'Reg_Taipak' THEN 'Reg_Taipak' WHEN [RegionId] = 'Reg_TX' THEN 'Reg_TX' WHEN [RegionId] = 'Reg_CW' THEN 'Reg_CW' WHEN [RegionId] = 'Reg_MX' THEN 'Reg_MX' WHEN [RegionId] = 'Reg_WP' THEN 'Reg_WP' WHEN [RegionId] = 'Reg_PkgAll' THEN 'Reg_PkgAll' END [SecurityRegionID] ,[RegionDescription],[CreatedDate],[CreatedBy],[UpdatedDate],[UpdatedBy],[IsActive] FROM [Invoicing].[dbo].[DimRegion]
  • 9. Vision and Scope Document | SSAS Prototype, Row Level Security (RLS) © AIM Business Driven Data Solutions, 2019 Page 9 of 9