[Mondrian] RDBMS authorization
Julian Hyde
jhyde at pentaho.com
Mon Jun 23 18:07:13 EDT 2008
I don't understand. Mondrian catalogs don't contain username & password - by
design. A mondrian connect string brings together the URI of a catalog (i.e.
metadata) with JDBC information (i.e. the location of the data).
Are you perhaps referring to data sources defined in datasources.xml?
Julian
_____
From: mondrian-bounces at pentaho.org [mailto:mondrian-bounces at pentaho.org] On
Behalf Of Matt Campbell
Sent: Monday, June 23, 2008 12:55 PM
To: Mondrian developer mailing list
Subject: [Mondrian] RDBMS authorization
In our application we rely heavily on RDBMS authorization rules to govern
row/column security. A single database may have many different roles, and a
particular db user will be mapped to one of these roles. Because of this,
we deploy several Mondrian catalogs per database instance, one for each
role, with a different jdbc connection string for each.
This feels sub-optimal to me, because the actual Mondrian schema is
identical in all of these cases. We may have 20 different catalogs whose
only difference is the username/password in the jdbc connection. I've been
wondering lately if we could somehow associate the database connection with
a particular Mondrian role, allowing us to collapse all of these catalogs
down to a single one. Both the member and cell cache would need to be
specific to each role.
Any thoughts on whether this would be reasonable enhancement?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.pentaho.org/pipermail/mondrian/attachments/20080623/8636f393/attachment.html
More information about the Mondrian
mailing list