教程:配置服务器管理员和用户角色Tutorial: Configure server administrator and user roles

本教程介绍如何使用 SQL Server Management Studio (SSMS) 连接到 Azure 中的服务器,以便配置服务器管理员和模型数据库角色。In this tutorial, you use SQL Server Management Studio (SSMS) to connect to your server in Azure to configure server administrator and model database roles. 此外还介绍表格模型脚本语言 (TMSL)You're also introduced to Tabular Model Scripting Language (TMSL). TMSL 是基于 JSON 的脚本语言,适用于 1200 和更高兼容级别的表格模型。TMSL is a JSON-based scripting language for tabular models at the 1200 and higher compatibility levels. 它可以用来自动执行许多表格建模任务。It can be used to automate many tabular modeling tasks. TMSL 通常与 PowerShell 配合使用,但在本教程中,请在 SSMS 中使用 XMLA 查询编辑器。TMSL is often used with PowerShell, but in this tutorial, you use the XMLA query editor in SSMS. 使用本教程时,请完成以下任务:With this tutorial, you complete these tasks:

  • 从门户获取服务器名称Get your server name from the portal
  • 使用 SSMS 连接到服务器Connect to your server by using SSMS
  • 将用户或组添加到服务器管理员角色Add a user or group to the server administrator role
  • 将用户或组添加到模型数据库管理员角色Add a user or group to the model database administrator role
  • 添加新的模型数据库角色并添加用户或组Add a new model database role and add a user or group

若要详细了解 Azure Analysis Services 中的用户安全性,请参阅身份验证和用户权限To learn more about user security in Azure Analysis Services, see Authentication and user permissions.

必备条件Prerequisites

登录到 Azure 门户Sign in to the Azure portal

登录门户Sign in to the portal.

获取服务器名称Get server name

若要从 SSMS 连接到服务器,首先需要服务器名称。In order to connect to your server from SSMS, you first need the server name. 可以从门户获取服务器名称。You can get the server name from the portal.

Azure 门户中,单击“服务器”>“概述” > “服务器名称” ,并复制服务器名称。In Azure portal > server > Overview > Server name, copy the server name.

在 Azure 中获取服务器名称

在 SSMS 中连接Connect in SSMS

对于余下的任务,请使用 SSMS 连接到服务器并对其进行管理。For the remaining tasks, you use SSMS to connect to and manage your server.

  1. 在 SSMS >“对象资源管理器” 中,单击“连接” > “Analysis Services” 。In SSMS > Object Explorer, click Connect > Analysis Services.

    连接

  2. 在“连接到服务器”对话框的“服务器名称”中,粘贴从门户复制的服务器名称。 In the Connect to Server dialog box, in Server name, paste in the server name you copied from the portal. 在“身份验证” 中选择“具有 MFA 支持的 Active Directory 通用版” , 输入用户帐户,然后按“连接”。In Authentication, choose Active Directory Universal with MFA Support, then enter your user account, and then press Connect.

    在 SSMS 中连接

    Tip

    建议选择“具有 MFA 支持的 Active Directory 通用版”。Choosing Active Directory Universal with MFA Support is recommended. 这种身份验证类型支持非交互式多重身份验证This type of authentication type supports non-interactive and multi-factor authentication.

  3. 在“对象资源管理器” 中,以展开方式查看服务器对象。In Object Explorer, expand to see server objects. 右键单击即可查看服务器属性。Right-click to see server properties.

    在 SSMS 中连接

将用户帐户添加到服务器管理员角色Add a user account to the server administrator role

在此任务中,请将用户或组帐户从 Azure AD 添加到服务器管理员角色。In this task, you add a user or group account from your Azure AD to the server administrator role. 如果要添加安全组,必须将 MailEnabled 属性设置为 TrueIf you're adding a security group, it must have the MailEnabled property set to True.

  1. 在“对象资源管理器”中,右键单击服务器名称,然后单击“属性”。 In Object Explorer, right-click your server name, and then click Properties.

  2. 在“Analysis Server 属性” 窗口中,单击“安全性” > “添加”。In the Analysis Server Properties window, click Security > Add.

  3. 在“选择用户或组”窗口的 Azure AD 中输入用户或组帐户,然后单击“添加”。 In the Select a User or Group window, enter a user or group account in your Azure AD, and then click Add.

    添加服务器管理员

  4. 单击“确定” ,关闭“Analysis Server 属性” 。Click OK, to close Analysis Server Properties.

    Tip

    也可在门户中使用“Analysis Services 管理员”来添加服务器管理员。 You can also add server administrators by using Analysis Services Admins in the portal.

将用户添加到模型数据库管理员角色Add a user to the model database administrator role

在此任务中,请将用户或组帐户添加到已存在于模型中的“Internet 销售管理员”角色。In this task, you add a user or group account to the Internet Sales Administrator role that already exists in the model. 此角色具有 adventureworks 示例模型数据库的完全控制(管理员)权限。This role has Full control (Administrator) permissions for the adventureworks sample model database. 此任务在为你创建的脚本中使用 CreateOrReplace TMSL 命令。This task uses the CreateOrReplace TMSL command in a script created for you.

  1. 在“对象资源管理器” 中,展开“数据库” > “adventureworks” > “角色”。In Object Explorer, expand Databases > adventureworks > Roles.

  2. 右键单击“Internet 销售管理员”, 然后单击“充当的脚本角色” > “CREATE OR REPLACE TO” > “新建查询编辑器窗口”。Right-click Internet Sales Administrator, then click Script Role as > CREATE OR REPLACE To > New Query Editor Window.

    新建查询编辑器窗口

  3. 在“XMLAQuery”中将“memberName:”的值更改为 Azure AD 中的某个用户或组帐户。 In the XMLAQuery, change the value for "memberName": to a user or group account in your Azure AD. 默认情况下,已经包括登录时使用的帐户;但是,你不需添加自己的帐户,因为你已经是服务器管理员。By default, the account you're signed in with is included; however, you do not need to add your own account because you are already a server administrator.

    XMLA 查询中的 TMSL 脚本

  4. F5 执行脚本。Press F5, to execute the script.

添加新的模型数据库角色并添加用户或组Add a new model database role and add a user or group

在此任务中,请使用 TMSL 脚本中的 Create 命令创建一个新的 Internet 销售全局角色,为该角色指定读取 权限,然后从 Azure AD 添加用户或组帐户。In this task, you use the Create command in a TMSL script to create a new Internet Sales Global role, specify read permissions for the role, and add a user or group account from your Azure AD.

  1. 在“对象资源管理器”中右键单击“adventureworks”,然后单击“新建查询” > “XMLA”。 In Object Explorer, right-click adventureworks, and then click New Query > XMLA.

  2. 将以下 TMSL 脚本复制并粘贴到查询编辑器中:Copy and paste the following TMSL script into the query editor:

    {
    "create": {
      "parentObject": {
        "database": "adventureworks",
       },
       "role": {
         "name": "Internet Sales Global",
         "description": "All users can query model data",
         "modelPermission": "read",
         "members": [
           {
             "memberName": "globalsales@adventureworks.com",
             "identityProvider": "AzureAD"
           }
         ]
       }
      }
    }
    
  3. "memberName": "globalsales@adventureworks.com" 对象值更改为 Azure AD 中的用户或组帐户。Change "memberName": "globalsales@adventureworks.com" object value to a user or group account in your Azure AD.

  4. F5 执行脚本。Press F5, to execute the script.

验证所做的更改Verify your changes

  1. 在“对象资源管理器”中单击服务器名,然后单击“刷新”或按 F5In Object Explorer, click your servername, and then click Refresh or press F5.

  2. 展开“数据库” > “adventureworks” > “角色”。 Expand Databases > adventureworks > Roles. 验证在前述任务中添加的用户帐户和新角色更改是否显示。Verify the user account and new role changes you added in the previous tasks appear.

    在对象资源管理器中验证

清理资源Clean up resources

不再需要用户或组帐户和角色时,请将其删除。When no longer needed, delete the user or group accounts and roles. 为此,请通过“角色属性” > “成员身份”删除用户帐户,或者右键单击某个角色,然后单击“删除”。 To do so, use Role Properties > Membership to remove user accounts, or right-click a role and then click Delete.

后续步骤Next steps

本教程介绍了如何连接到 Azure AS 服务器并浏览 SSMS 中的 adventureworks 示例模型数据库和属性。In this tutorial, you learned how to connect to your Azure AS server and explore the adventureworks sample model databases and properties in SSMS. 此外还介绍了如何使用 SSMS 和 TMSL 脚本将用户或组添加到现有的和新的角色。You also learned how to use SSMS and TMSL scripts to add users or groups to existing and new roles. 为服务器和示例模型数据库配置用户权限以后,你和其他用户即可使用客户端应用程序(例如 Power BI)连接到该服务器。Now that you have user permissions configured for your server and sample model database, you and other users can connect to it by using client applications like Power BI. 若要了解详细信息,请继续阅读下一个教程。To learn more, continue to the next tutorial.