One Hop, Two Hop, Three Hop and you are screwed...
So when you are building your PerformancePoint Server solutions, if you have everything on one machine it works great, but when you setup seperate machines, security always becomes kind of a pain. You need to setup Kerberos to setup trust between the web and database servers if you want the users credentials to pass over to the data sources.
If you do not need that and can live with a hard coded credential, you can use a custom data connection string to impersonate a user. Only one user. I used the following web site to create my string.
http://www.ssas-info.com/ssas_articles/ssas_articles/analysis_services_2000_and_2005_connection_string_properties.html
or here is a string to use
Provider=msolap.3;Datasource=olapservername;Initial Catalog=olapdatabasename;User ID=domain\alias;Password=password;Impersonation Level=Impersonate;