This document gives some security recommendations related to Analysis Models.
The IFS Build Home, containing the source code for Analysis Models after running the IFS Configuration Builder, as well as the Analysis Models Instance Home, containing the Analysis Models instance after running the AM Installer, are both recommended to be secured to avoid being tampered with. This is a general security recommendation related to Threat Modeling.
When accessing an SSAS (SQL Server Analysis Services) OLAP cube via IFS Lobby or KPI Services (from IFS Applications 10 UPD6), it is important to secure the communication between the IFS MWS (Middle Ware Server) and SSAS. SSAS will be accessed using the msmdpump.dll related to a specific SSAS Database Instance. The basic principle will be to configure IIS (Microsoft Internet Information Services) to use https when configuring access to the msmdpump.dll, meaning that the MWS will communicate with IIS using a secure protocol. For more info look up the how to install the IFS Middle Ware Server.
When accessing an SSAS OLAP cube via IFS Lobby or KPI Services (from IFS Applications 10 UPD6), it is necessary to make an impersonation so that the authorization in SSAS will be handled using an effective user name. The way this is handled in IFS Applications is to use an end user mapping functionality, where an IFS end user is mapped to an SSAS user. For more information, please refer to the following link >>
Important here is to make sure that access to the form/page where the user mapping is done is restricted to a limited number of users. Else there is a risk that an end user can change the mapping to get hold of unauthorized information when accessing SSAS OLAP cubes.