Dear SSAS Tabular Gurus!
We are setting up an automated build/release-pipeline for a SQL Server Analysis Server Tabular model (SSAS Tabular). For this, we are using Visual Studio Team Services (VSTS) and PowerShell. It will target 3 parallel environments:
- (localdb)\ProjectsV13 <- SSAS-integrated workspace
- SQL-dev <- SSAS-dev
- SQL-test <- SSAS-test
- SQL-prod <- SSAS-prod
When SSAS is deployed, there are two impersonation methods for connecting to source data:
- Specific Windows account. (A special data-reader account.)
- Service account. (The process running the SSAS service.)
It is recommended you specify a Windows user account and password for impersonation credentials. A Windows user account can be configured to use least privileges necessary to connect to and read data from the data source. Impersonation (SSASTabular)
Now, we try to follow the recommended practice with windows account. Whether deploying through Visual Studio (SSDT) or the Deployment Wizard, the password for the windows account is entered in a separate pop-up box. These credentials are stored directly in-memory of the SSAS instance, until the it is restarted or re-deployed. The password is (luckily) never written in deploy scripts. Now, we automate this using PowerShell to replace environment-specific SQL/SSAS targets in the deploy files, and deploy with the deployment utility. Everything works, except:
How do we programatically set the passwords directly on the server post-deployment?
We can manually set the password via SSMS, but we require automation. We are also concerned that a possible server-restart will require manual password entry. We have tried libraries Analysis Management Objects (AMO) and Tabular Object Model (TOM), but not found a way to set the password.