Secure OLAP Reporting Architectures: Integrating Role-based Access Control and Query Execution Plan Optimization for Enterprise Analytical Environments

Multidimensional structures in enterprise analytical reporting environments, complex query languages in MDX, and the performance sensitivity of analytical workloads to the overhead of enforcing security are unique information security issues that must be addressed. Conventional role-based access control (RBAC) solutions that are developed for relational database systems are not sufficient for OLAP systems because OLAP imposes access control requirements that go beyond the row and column granularity used in relational-based access control. In this paper, an integrated approach to secure OLAP reporting is proposed in which the RBAC principles are extended to dimensional security, which defines the access to the dimension members, measure groups and aggregation level, and in addition, query execution plans are optimized to reduce the performance impact of the security enforcement operations. The framework is illustrated by enterprise SQL Server Reporting Services (SSRS) and Analysis Services deployments, with the finding of being 22.3% faster than security filtering in queries after they have been written with an equivalent level of fidelity in access control. The findings provide practical implications for enterprise reporting architectures that support client organizations with a dispersed data access authorization requirement throughout the globe.