[Mondrian] Roles with lots of Members

Julian Hyde julianhyde at speakeasy.net
Thu Mar 22 02:20:41 EDT 2007

I think it would be fine up to a few thousand member-grant objects. 100K
or 500K is pushing it, though.

We have talked about programmatic roles. That is, a subclass of Role
which executes a piece of code to see whether the Role can access a
particular member. Using this technique, you could easily write a piece
of logic to data drive the access control - see what are the privileges
of the role, and look at an attribute of the member (or its ancestors)
which determines who can see it.

There is not currently an SPI for Role, but one isn't really needed - if
you control the container environment, you can manually create such a
Role before invoking mondrian.

If someone would like to contribute an SPI or some use cases for this
kind of usage of roles, I would be grateful.


> -----Original Message-----
> From: mondrian-bounces at pentaho.org 
> [mailto:mondrian-bounces at pentaho.org] On Behalf Of Richard Emberson
> Sent: Wednesday, March 21, 2007 12:54 PM
> To: 'Mondrian developer mailing list'
> Subject: [Mondrian] Roles with lots of Members
> If one wants to do data-level access control and has, say
> 100,000 or 500,000, Members to a Hierarchy, what
> are the issues.
> All access controlled items are stored in Maps.
> I can see that some of the
> Role methods seem to require iterating over the Members
> currently in the Role. Each Hierarchy Map has a Map of
> Members. This might be both large and slow?
> Hierarchies, which there are only a few, require an Object
> be created for each (the Role.HierarchyAccess Object)
> but there will not be too many of them.
> Each user will have their own Role and there may be
> tens of users.
> Richard
> -- 
> Quis custodiet ipsos custodes:
> This email message is for the sole use of the intended 
> recipient(s) and
> may contain confidential information.  Any unauthorized review, use,
> disclosure or distribution is prohibited.  If you are not the intended
> recipient, please contact the sender by reply email and destroy all
> copies of the original message.
> _______________________________________________
> Mondrian mailing list
> Mondrian at pentaho.org
> http://lists.pentaho.org/mailman/listinfo/mondrian

More information about the Mondrian mailing list