Roles Report

The main purposes of this Roles Report are the following goals:
  1. To recursively list the members of the role and the members of groups so that you can easily determine which members actually have access via each role.
  2. To identify members of roles which will not have the desired effect. Specifically if a role references an Active Directory group which is a distribution group instead of a security group, members of that group will not gain the access granted with the role. This report highlights this situation.
  3. To identify members of roles which are invalid and which are causing the "no mapping between account names and security IDs was done" error during deployment.
  4. To summarize all the security permissions granted via the roles instead of having to click into dozens of screens to find this information.
  5. To serve as documentation which can be printed or archived or sent to non-developers.

Right-clicking on the Roles folder in an SSAS project lets you open a report summarizing everything about the setup of those roles:
RolesReportMenu.png

The first pages of the report list the members of each role:
RolesReportMembersScreenshot.png

The other pages detail the permissions granted in each role such as the following summary of dimension data security:
RolesReportDimSecurityScreenshot.png

For a more complete example, download a sample report.


Note: This report can take several minutes to run. Be patient.

Note: Many thanks to Edward Melomed for letting BIDS Helper borrow some code from his ASValidateUsers tool.

Last edited May 11, 2010 at 12:28 PM by dgosbell, version 4

Comments

dgosbell May 13, 2010 at 12:40 AM 
Hi Tiago,

Unfortunately the creation of add-ins for SSMS is not officially supported by Microsoft and even though SSMS is based on a Visual Studio shell, this functionality has been explicitly disabled by the product team. It's not impossible to build an add-in for SSMS and there are some commercial ones available (like SQL Prompt) it's just a lot harder than doing so for BIDS and harder than it should be. We don't currently have plans to port any features to an SSMS add-in but if we ever did, this feature would definitely be a good one to port across.

Darren

renteta May 11, 2010 at 3:12 PM 
Would it be possible to add this functionality to SSMS?

The team responsible to create/manage the roles only have access to the SSMS and the information provided by this funcionality is vital for their work.

Thanks,
Tiago.