[Mondrian] Olap4J as JNDI datasource and passing Roles

Julian Hyde jhyde at pentaho.com
Mon Nov 9 13:03:21 EST 2009


OlapConnection has methods

  void setRoleName(String)
  String getRoleName()

Obviously you can't pass in Mondrian Role objects, because they are
Mondrian-specific.

Generally I'd expect you to get an olap4j connection from the pool, then
call setRoleName on it. Or, better, get an olap4j connection by calling
DataSource.getConnection(username, password) and rely on the server to set
the right roles for that user.

This is going to sound like me saying 'that's not my job', but here goes.
It's not olap4j's job to be dealing with mondrian-specific data structures.
And because it is an engine not a server, it's not mondrian's job to be
remembering user names, passwords, and lists of roles associated with a
user. So, those responsibilities should fall on BISERVER.

Julian

> -----Original Message-----
> From: mondrian-bounces at pentaho.org 
> [mailto:mondrian-bounces at pentaho.org] On Behalf Of Thomas Morgner
> Sent: Monday, November 09, 2009 6:49 AM
> To: Mondrian mailing list
> Subject: [Mondrian] Olap4J as JNDI datasource and passing Roles
> 
> Hi,
> 
> while working on the role-passing code for the classic
> Mondrian connections, I realized that we have no way in
> OLAP4J to pass in Mondrian roles.
> 
>  From what I heard from the community, Mondrian roles are
> not necessarily the roles used in the security system of
> (for instance) the Pentaho Platform. In fact, they seem
> to be rather arbitrary, come from anywhere and can be anything.
> 
> Mondrian connections require us to pass in the roles as
> a list of strings in one of the connection properties.
> 
> When in OLAP4J mode, Mondrian's connection properties are
> configured via the JDBC-Connection-properties. But when
> we store a OLAP4J Connection into JNDI, we are no longer
> able to access these properties, as JNDI explicitly shields
> us from that knowledge. Therefore, we are cut off from
> properly configuring the security settings.
> 
> Is there an alternative way to pass in Role-information to
> OLAP4J Mondrian connections?
> 
> Have fun,
> said Thomas
> _______________________________________________
> Mondrian mailing list
> Mondrian at pentaho.org
> http://lists.pentaho.org/mailman/listinfo/mondrian
> 




More information about the Mondrian mailing list