Hi,
To simplify our problem, say we havethree users belonging toa number ofactive directory groups (all users have the exact same setup). Users A and B, can open views on the PAS in web standard mode, but User C cannot.
Whenever User C tries to open a view, he gets an error message, saying that the cube cannot be found and the following is entered into the ProClarity log:
Event Type: Information Event Source: ProClarity Server Event Category: None Event ID: 2 Date: 2009-09-11 Time: 10:53:30 User: AD\USERNAME Computer: COMPUTERNAME Description: Information. Accessing page "testpage" ({C09E9BFA-C49C-4AED-9F8B-13F099C9F828}) from book "testbook" ({04CA59E8-8149-40A8-AEEF-641176ADFB9A}) Cache File Name: (unknown) Call Stack: Location: line #318 of file OlapSession.cpp - Error-code: (0xbba), Error-number: 0x80004005 - Caught exception in COlapSession::ConnectToKSession() Location: line #361 of file PoolConnect.cpp - Error-code: (0xbba), Error-number: 0x80004005 - Connection Failure in call to Session->ConnectToKSession() Location: line #214 of file PoolConnect.cpp - Error-code: (0xbba), Error-number: 0x80004005 - Error - RealConnect() in CPool::AllocSession() Provider: 0x1E35D49C:{176941F9-18E8-47D6-860D-006FF2655608} Server: 0x17846FAC:SERVERNAME Database: 0x17845594:DBNAME Cube: 0x1784687C:[CUBENAME] OLAPRoleMembershipList: 0x0EAA614C: PreferredSessionID: 0x-1 Location: line #677 of file PConnection.cpp - Error-code: (0x3c), Error-number: 0x80004005 - Could not establish a session for user Location: line #6780 of file QueryImpl.cpp - Error-code: (0x3c), Error-number: 0x80004005 Location: line #6757 of file QueryImpl.cpp - Error-code: (0xe), Error-number: 0x80004005 - CreateOlapRolesForConnInfo() Location: line #14773 of file QueryImpl.cpp - Error-code: (0x1c), Error-number: 0x80004005 - Error -- GetOlapRolesForConnInfo() call Location: line #14180 of file QueryImpl.cpp - Error-code: (0x3c), Error-number: 0x80004005 Query Connection XML: <ConnectionInfo><Provider Name="{176941F9-18E8-47D6-860D-006FF2655608}" Caption="MSOLAP"/><Server Name="SERVERNAME"/><Catalog Name="DBNAME"/><Cube Name="[CUBENAME]" Caption="CUBENAME"/> <Schema Name=""/><LocalServer Name="SERVERNAME"/></ConnectionInfo>
These users only have acces to the web standard interface.
We've verified that they have access by impersonating the users in management studio and the PAS security is working in the sense that they can only see libraries and books for which they have been granted access.
We have kerberos setup between the PAS-server and the SSAS-server and this is working as expected, since User A and B which share security setup with User C can open the views.
We've tested by creating new libraries and books, but we still can't get it to work for User C.
Hope you can help us figure this out.
Edit: I forgot to mention that I did a search on the forums before posting this and have tried the workarounds I found, they don't seem toremedy ourproblem.