Starting with MSAS 2005, we have a server administrator role whose members can change server properties, create/drop databases, and perform all other tasks on the server. Within each database you can have a role that has full permissions to the database; alternatively, you can specify more granular access. As with the earlier releases of software, you can secure access at cube, dimension, or even at individual cell level. Unlike the older versions, MSAS 2005 and 2008 no longer load “shadow” dimensions into memory for each role when you start the service, so you can safely have dozens of roles even with large databases, without bringing the server to its knees. SSMS allows providing read-only or read-write access to each cube, granting access for running drill-through queries and for creating local cubes. You can also restrict access to each dimension, specify allowed/denied dimension members, or write advanced multi-dimensional expressions (MDX) for dynamic security. Another area of MSAS security is defining permissions and impersonation level for assemblies.