<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<STYLE type=text/css><!-- DIV {margin:0px;} --></STYLE>
<META content="MSHTML 6.00.6000.16414" name=GENERATOR></HEAD>
<BODY>
<DIV dir=ltr align=left><FONT face=Verdana color=#000080
size=2></FONT> </DIV><BR>
<BLOCKQUOTE
style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000080 2px solid; MARGIN-RIGHT: 0px">
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> mondrian-bounces@pentaho.org
[mailto:mondrian-bounces@pentaho.org] <B>On Behalf Of </B>Pedro
Casals<BR><B>Sent:</B> Friday, March 16, 2007 4:34 AM<BR><B>To:</B>
mondrian@pentaho.org<BR><B>Subject:</B> [Mondrian] XMLA
Security<BR></FONT><BR></DIV>
<DIV></DIV>
<DIV
style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif">
<DIV>Hello:</DIV>
<DIV> </DIV>
<DIV>I'm working on Mondrian XMLA security and I have some doubts: The
scenario is that you have a role that restricts access to the two
upper levels of a hierarchy (this hierarchy has four levels).</DIV>
<DIV> </DIV>
<DIV>1st. I believe that the XMLA client should not be aware that this
hierarchy has 4 levels. Do you agree? This is the way JPivot is
working. <SPAN class=890340000-17032007><FONT face=Verdana color=#000080
size=2> </FONT></SPAN></DIV>
<DIV><SPAN class=890340000-17032007></SPAN> </DIV></DIV></BLOCKQUOTE>
<DIV><SPAN class=890340000-17032007><FONT face=Verdana color=#000080
size=2>Seems reasonable. How can a restricted client tell that there are 4
levels right now? I'm guessing (a) the Hierarchy.getLevels() method and (b) the
Level.getDepth() method. We could add versions of those methods to SchemaReader,
and make jpivot/xmla call them.</FONT></SPAN></DIV>
<BLOCKQUOTE
style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000080 2px solid; MARGIN-RIGHT: 0px">
<DIV
style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif"><FONT
face=Verdana color=#000080 size=2></FONT> </DIV>
<DIV
style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif">2nd.
Provided you agree with the previous point, what do you think would be the
best strategy? On one hand, upon cube definition load we could arrange the
cube definition to match the role restriction. On the other hand, we could go
through all XMLA requests and filter them.</DIV>
<DIV
style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif">Doing
it with the first strategy, it looks like it's easier to manage. However, I see
pooled cubes and I do not know if these pooled cubes are shared among several
XMLA clients. Should this be the case, we would have to go the second
way.</DIV>
<DIV
style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif">Doing
it with the second strategy, we have to deal with all the different XMLA requests,
which should take more work, but looks safe, since no one could work around
security by writing direct MDX.<SPAN class=890340000-17032007><FONT face=Verdana
color=#000080 size=2> </FONT></SPAN></DIV>
<DIV
style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif"><SPAN
class=890340000-17032007></SPAN> </DIV></BLOCKQUOTE>
<DIV
style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif"><SPAN
class=890340000-17032007><FONT face=Verdana color=#000080 size=2>It's laudable
to create an entire metadata API which includes access-control. But it's a lot
of work. We took the simpler route, which is the SchemaReader
interface.</FONT></SPAN></DIV>
<DIV
style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif"><SPAN
class=890340000-17032007><FONT face=Verdana color=#000080
size=2></FONT></SPAN> </DIV>
<DIV
style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif"><SPAN
class=890340000-17032007><FONT face=Verdana color=#000080 size=2>So, the client
(XMLA or JPivot) is an 'insider'. It is allowed full access to the catalog, but
for things it is displaying to the user, it uses the SchemaReader
facade.</FONT></SPAN></DIV>
<BLOCKQUOTE
style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000080 2px solid; MARGIN-RIGHT: 0px">
<DIV
style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif"><SPAN
class=890340000-17032007> </SPAN></DIV>
<DIV
style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif"><FONT
face=Verdana color=#000080 size=2></FONT> </DIV>
<DIV
style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif">3rd.
Is there a way to restrict a measure to a role?<SPAN
class=890340000-17032007><FONT face=Verdana color=#000080
size=2> </FONT></SPAN></DIV>
<DIV
style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif"><SPAN
class=890340000-17032007></SPAN> </DIV></BLOCKQUOTE>
<DIV
style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif"><SPAN
class=890340000-17032007><FONT face=Verdana color=#000080 size=2>You can
restrict access to any given set of members in a hierarchy. That includes the
Measures hierarchy.</FONT></SPAN></DIV>
<DIV
style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif"><SPAN
class=890340000-17032007><FONT face=Verdana color=#000080
size=2></FONT></SPAN> </DIV>
<DIV
style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif"><SPAN
class=890340000-17032007><FONT face=Verdana color=#000080 size=2>Take a look at
the AccessControlTest. That is the spec. Anything you need but which isn't
tested, please add and contribute. If anything doesn't work, contribute the test
and log a bug.</FONT></SPAN></DIV>
<DIV
style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif"><SPAN
class=890340000-17032007><FONT face=Verdana color=#000080
size=2></FONT></SPAN> </DIV>
<DIV
style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif"><SPAN
class=890340000-17032007><FONT face=Verdana color=#000080
size=2>Julian</FONT></SPAN></DIV></BODY></HTML>