1) Kerberos

user make authentication into EPM with their windows account with Windows Integrated Security after that delegation allows to pass those credentials to SSAS and configure security permissions differently

 

Restrictions:

- one user - one domain AD account

- can be used only within one domain and in Intranet only

 


2) OLAP users based security:

each role in EPM can be associated with specific OLAP account per cube

 

EPM authentication:

- BASIC or NTLM

 

SSAS (NTLM or BASIC):

- mapping between EPM user account and role

- OLAP account per role per cube

- security configured per OLAP user account

 


3) Basic pass through authentication :

 

EPM:

- Basic authentication

 

SSAS (NTLM or BASIC):

- same credentials sent to analytic services