Hello everyone,<br><br>I'm working on a case about roles and access rights. I have the following scenario. <br><br>A CalculatedMeasure in the schema has a formula which is based on the members of a given level in a given hierarchy. There is one role defined. The role is only allowed to view the All Member level, not it's children. The role can also access the calculated member. So let's say:<br>
<br><ul><li>Cube</li><ul><li>Dimension</li><ul><li>Hierarchy</li><ul><li>All Member level</li><ul><li>Foo level</li></ul></ul></ul><li>Calculated Member<br> <i>(references "Foo level")</i><br></li><li>Role</li>
<ul><li>Cube grant<br></li><li>Heriarchy grant on "All Member Level" only</li></ul></ul></ul>When a query is executed with the defined role privileges, the calculated member returns no data, because Mondrian uses the role's access rights to resolve the members of the Foo level. <br>
<br>Is this the correct behavior, or should calculated members that are part of the core schema (not the query inline ones) give the role an implicit access right? I'm puzzled as to decide if this is a bug or not. It has some obvious security implications. IMO, things are fine as they are, but I thought I'd seek a second opinion.<br>
<br>Cheers!<br>