<p dir="ltr">You are right. Using the DSP will segment your cache in as many segments as there are schemas. Programmatic roles are recommended. </p>
<p dir="ltr">Luc</p>
<div class="gmail_quote">On Dec 7, 2012 11:15 AM, "Nizar Mabroukeh" <<a href="mailto:nmabroukeh@crosscommercemedia.com">nmabroukeh@crosscommercemedia.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Thank you for the elaborate help.<br>I was actually planning to extend MDXConnection and PentahoXmlaServlet because I am using XMLA calls to Mondrian. But the DSP looks tempting, won't it degrade the cache performance though, I remember I read some where in Jira that using DSP is discouraged, <br>
<div class="gmail_extra"><br clear="all"><div><div> Nizar</div></div><br>
<br><br><div class="gmail_quote">On Fri, Dec 7, 2012 at 11:05 AM, Paul Stoellberger <span dir="ltr"><<a href="mailto:p.stoellberger@gmail.com" target="_blank">p.stoellberger@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div style="word-wrap:break-word">Well thats easy then, I guess I would use the dynamic schema processor as its the easiest / simplest way.<div>You can access the Pentaho Session (for name + roles) like that: </div><div>
<font face="Monaco"><span style="font-size:11px"><div>
IPentahoSession session = PentahoSessionHolder.getSession();</div><div>Authentication auth = SecurityHelper.getAuthentication(session, false);</div><div>GrantedAuthority[] gAuths = auth.getAuthorities();</div><div><div style="margin-top:0px;margin-right:0px;margin-bottom:0px;margin-left:0px;font:normal normal normal 11px/normal Monaco">
String role name = gAuths[index].getAuthority();</div></div><div style="margin-top:0px;margin-right:0px;margin-bottom:0px;margin-left:0px;font:normal normal normal 11px/normal Monaco"><br></div></span></font>As for the programmatic role its a bit more complicated.</div>
<div>You will have to extend the MDXConnection and edit the pentahoObjects.spring.xml to use your mdx connection.</div><div>Your custom one can then set a programmatic role that you implemented and that has the methods you wish.</div>
<div><br></div><div><br></div><div>Good luck!</div><div><br></div><div>-Paul</div><div><br></div><div><span style="font-family:Monaco;font-size:11px"><br></span></div><div><div><div>On Dec 7, 2012, at 4:52 PM, Nizar Mabroukeh wrote:</div>
<br><blockquote type="cite">Thank you, I am using Pentaho.<br><div class="gmail_extra"><br clear="all"><div><div>Nizar</div></div><br>
<br><br><div class="gmail_quote">On Fri, Dec 7, 2012 at 10:47 AM, Paul Stoellberger <span dir="ltr"><<a href="mailto:p.stoellberger@gmail.com" target="_blank">p.stoellberger@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div style="word-wrap:break-word">You can use a dynamic schema processor to add that role grant to the schema upon initialization.<div>Just implement the DynamicSchemaProcessor interface in a custom class, put it on the classpath and use the connection property: ;<span style="font-family:Monaco;font-size:11px">DynamicSchemaProcessor=my.custom.DSP;</span></div>
<div><font face="Monaco"><span style="font-size:11px"><br></span></font><div><br></div><div>Alternatively you can use a programmatic role that can check x, y, z in the according role methods:</div><div><br></div><div><div style="margin-top:0px;margin-right:0px;margin-bottom:0px;margin-left:0px;font:normal normal normal 11px/normal Menlo">
@Override</div><div style="margin-top:0px;margin-right:0px;margin-bottom:0px;margin-left:0px;font:normal normal normal 11px/normal Menlo"> <span style="color:#cf00a0">public</span> Access getAccess(Member member) {};</div>
<div style="margin-top:0px;margin-right:0px;margin-bottom:0px;margin-left:0px;font:normal normal normal 11px/normal Menlo"><br></div><div style="margin-top:0px;margin-right:0px;margin-bottom:0px;margin-left:0px;font:normal normal normal 11px/normal Menlo">
<font face="Helvetica" size="3">Are you using mondrian directly or pentaho?</font></div><div style="margin-top:0px;margin-right:0px;margin-bottom:0px;margin-left:0px;font:normal normal normal 11px/normal Menlo"><font face="Helvetica" size="3"><br>
</font></div><div style="margin-top:0px;margin-right:0px;margin-bottom:0px;margin-left:0px;font:normal normal normal 11px/normal Menlo"><font face="Helvetica" size="3">-Paul</font></div><div style="margin-top:0px;margin-right:0px;margin-bottom:0px;margin-left:0px;font:normal normal normal 11px/normal Menlo">
<font face="Helvetica" size="3"><br></font></div><div style="margin-top:0px;margin-right:0px;margin-bottom:0px;margin-left:0px;font:normal normal normal 11px/normal Menlo"><font face="Helvetica" size="3"><br></font></div>
<div><div>On Dec 7, 2012, at 4:36 PM, Nizar Mabroukeh wrote:</div><br><blockquote type="cite">I am trying to implement parametrized roles, such that a mondrian user can pass parameters in addition to passing the role when establishing a connection.<br>
<br>In the schema, I have something that looks like this:<br><role name="GenericSalesPerson"><br>
<CubeGrant cube="Customers" access="all"><br> <HierarchyGrant hierarchy="Security" topLevel="GID" bottomLevel="UID" access="custom"><br>
<MemberGrant member="[Security].[{gid}],[{uid}]" access="all"><br> </MemberGrant><br> </HierarchyGrant><br> </CubeGrant><br>...<br></role><br>
<br>As you can see I am trying to limit the role's access to the cube based on a degenerate security dimension, so the user can only see data that have his own groupId and UserId. <br>I want the ability to retrieve the role after establishing connection by using schema.getRole(), resolve the parameters in the role (the {gid} and {uid}) to their provided values, then set the connection role using connection.setRole() for these changes to take effect. It will be great if I can retrieve the role as XML and process it. I am using Mondrian 3.3.0 and I do not see any such methods in the API to retrieve role as XML.<br>
Any help or directions? much appreciated.<br><br><br>Nizar<br><br>
_______________________________________________<br>Mondrian mailing list<br><a href="mailto:Mondrian@pentaho.org" target="_blank">Mondrian@pentaho.org</a><br><a href="http://lists.pentaho.org/mailman/listinfo/mondrian" target="_blank">http://lists.pentaho.org/mailman/listinfo/mondrian</a><br>
</blockquote></div><br></div></div></div><br>_______________________________________________<br>
Mondrian mailing list<br>
<a href="mailto:Mondrian@pentaho.org" target="_blank">Mondrian@pentaho.org</a><br>
<a href="http://lists.pentaho.org/mailman/listinfo/mondrian" target="_blank">http://lists.pentaho.org/mailman/listinfo/mondrian</a><br>
<br></blockquote></div><br></div>
_______________________________________________<br>Mondrian mailing list<br><a href="mailto:Mondrian@pentaho.org" target="_blank">Mondrian@pentaho.org</a><br><a href="http://lists.pentaho.org/mailman/listinfo/mondrian" target="_blank">http://lists.pentaho.org/mailman/listinfo/mondrian</a><br>
</blockquote></div><br></div></div><br>_______________________________________________<br>
Mondrian mailing list<br>
<a href="mailto:Mondrian@pentaho.org" target="_blank">Mondrian@pentaho.org</a><br>
<a href="http://lists.pentaho.org/mailman/listinfo/mondrian" target="_blank">http://lists.pentaho.org/mailman/listinfo/mondrian</a><br>
<br></blockquote></div><br></div>
<br>_______________________________________________<br>
Mondrian mailing list<br>
<a href="mailto:Mondrian@pentaho.org">Mondrian@pentaho.org</a><br>
<a href="http://lists.pentaho.org/mailman/listinfo/mondrian" target="_blank">http://lists.pentaho.org/mailman/listinfo/mondrian</a><br>
<br></blockquote></div>