[Mondrian] XMLA Security

Pedro Casals pcasalsfradera at yahoo.com
Fri Mar 16 07:33:43 EDT 2007


I'm working on mondrian XMLA security and I have some doubts: The scenario is that you have a role that restricts the access to the two upper levels of an hierarchy (this hierarchy has four levels).

1st. I belive that the XMLA client should not be aware that this hierarchy has 4 levels. Do yo agree? This is the way JPivot is working. 

2nd. Provided you agree with the previous point, what do you think would be the best strategy?: On one hand, upon cube defition load we could arrange the cube definition to match the role restriction. On the other hand, we could go on all XMLA request and filter it.
Doing it with the first strategy, it looks like its easier to manage. However, I see pooled cubes and I do not know if these pooled cubes are shared among several XMLA clients. Should this be the case, we should have to go through the second way.
Doing it the second strategy, we have to deal with all different XMLA requests, which should take more work, but looks safe, since no one could workaround security writing direct MDX.

3rd. Is there a way to restrict a measure to a role?


LLama Gratis a cualquier PC del Mundo. 
Llamadas a fijos y móviles desde 1 céntimo por minuto. 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.pentaho.org/pipermail/mondrian/attachments/20070316/6cf01bf7/attachment.html 

More information about the Mondrian mailing list