[Mondrian] Roles with lots of Members

Richard Emberson remberson at edgedynamics.com
Wed Mar 28 20:02:58 EDT 2007


Concerning a Role SPI, are you suggesting having a
Role interface and the existing Role class becomes the
default implementation?
I'd be interested in having a Role interface so that I
could roll my oun Role.
Thanks.

Richard


Julian Hyde wrote:
> I think it would be fine up to a few thousand member-grant objects. 100K
> or 500K is pushing it, though.
> 
> We have talked about programmatic roles. That is, a subclass of Role
> which executes a piece of code to see whether the Role can access a
> particular member. Using this technique, you could easily write a piece
> of logic to data drive the access control - see what are the privileges
> of the role, and look at an attribute of the member (or its ancestors)
> which determines who can see it.
> 
> There is not currently an SPI for Role, but one isn't really needed - if
> you control the container environment, you can manually create such a
> Role before invoking mondrian.
> 
> If someone would like to contribute an SPI or some use cases for this
> kind of usage of roles, I would be grateful.
> 
> Julian
> 
>> -----Original Message-----
>> From: mondrian-bounces at pentaho.org 
>> [mailto:mondrian-bounces at pentaho.org] On Behalf Of Richard Emberson
>> Sent: Wednesday, March 21, 2007 12:54 PM
>> To: 'Mondrian developer mailing list'
>> Subject: [Mondrian] Roles with lots of Members
>>
>>
>> If one wants to do data-level access control and has, say
>> 100,000 or 500,000, Members to a Hierarchy, what
>> are the issues.
>>
>> All access controlled items are stored in Maps.
>>
>> I can see that some of the
>> Role methods seem to require iterating over the Members
>> currently in the Role. Each Hierarchy Map has a Map of
>> Members. This might be both large and slow?
>>
>> Hierarchies, which there are only a few, require an Object
>> be created for each (the Role.HierarchyAccess Object)
>> but there will not be too many of them.
>>
>> Each user will have their own Role and there may be
>> tens of users.
>>
>>
>> Richard
>>
>> -- 
>> Quis custodiet ipsos custodes:
>> This email message is for the sole use of the intended 
>> recipient(s) and
>> may contain confidential information.  Any unauthorized review, use,
>> disclosure or distribution is prohibited.  If you are not the intended
>> recipient, please contact the sender by reply email and destroy all
>> copies of the original message.
>> _______________________________________________
>> Mondrian mailing list
>> Mondrian at pentaho.org
>> http://lists.pentaho.org/mailman/listinfo/mondrian
>>
> 
> _______________________________________________
> Mondrian mailing list
> Mondrian at pentaho.org
> http://lists.pentaho.org/mailman/listinfo/mondrian
> 


-- 
Quis custodiet ipsos custodes:
This email message is for the sole use of the intended recipient(s) and
may contain confidential information.  Any unauthorized review, use,
disclosure or distribution is prohibited.  If you are not the intended
recipient, please contact the sender by reply email and destroy all
copies of the original message.



More information about the Mondrian mailing list