[Mondrian] Roles with parameters for members

Paul Stoellberger p.stoellberger at gmail.com
Fri Dec 7 11:05:26 EST 2012


Well, that's easy then. I guess I would use the dynamic schema processor, as it's the easiest / simplest way.
You can access the Pentaho session (for name + roles) like this:

IPentahoSession session = PentahoSessionHolder.getSession();
Authentication auth = SecurityHelper.getAuthentication(session, false);
GrantedAuthority[] gAuths = auth.getAuthorities();
// index: position of the wanted authority in gAuths
String roleName = gAuths[index].getAuthority();

As for the programmatic role, it's a bit more complicated.
You will have to extend the MDXConnection and edit the pentahoObjects.spring.xml to use your mdx connection.
Your custom one can then set a programmatic role that you implemented and that has the methods you wish.


Good luck!

-Paul


On Dec 7, 2012, at 4:52 PM, Nizar Mabroukeh wrote:

> Thank you, I am using Pentaho.
> 
> Nizar
> 
> 
> 
> On Fri, Dec 7, 2012 at 10:47 AM, Paul Stoellberger <p.stoellberger at gmail.com> wrote:
> You can use a dynamic schema processor to add that role grant to the schema upon initialization.
> Just implement the DynamicSchemaProcessor interface in a custom class, put it on the classpath and use the connection property: ;DynamicSchemaProcessor=my.custom.DSP;
> 
> 
> Alternatively you can use a programmatic role that can check x, y, z in the according role methods:
> 
>   @Override
>   public Access getAccess(Member member) {};
> 
> Are you using Mondrian directly or Pentaho?
> 
> -Paul
> 
> 
> On Dec 7, 2012, at 4:36 PM, Nizar Mabroukeh wrote:
> 
>> I am trying to implement parametrized roles, such that a mondrian user can pass parameters in addition to passing the role when establishing a connection.
>> 
>> In the schema, I have something that looks like this:
>> <role name="GenericSalesPerson">
>>       <CubeGrant cube="Customers" access="all">
>>         <HierarchyGrant hierarchy="Security" topLevel="GID" bottomLevel="UID" access="custom">
>>           <MemberGrant member="[Security].[{gid}],[{uid}]" access="all">
>>           </MemberGrant>
>>         </HierarchyGrant>
>>       </CubeGrant>
>> ...
>> </role>
>> 
>> As you can see I am trying to limit the role's access to the cube based on a degenerate security dimension, so the user can only see data that have his own groupId and UserId. 
>> I want the ability to retrieve the role after establishing connection by using schema.getRole(), resolve the parameters in the role (the {gid} and {uid}) to their provided values, then set the connection role using connection.setRole() for these changes to take effect. It will be great if I can retrieve the role as XML and process it. I am using Mondrian 3.3.0 and I do not see any such methods in the API to retrieve role as XML.
>> Any help or directions? Much appreciated.
>> 
>> 
>> Nizar
>> 
>> _______________________________________________
>> Mondrian mailing list
>> Mondrian at pentaho.org
>> http://lists.pentaho.org/mailman/listinfo/mondrian

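An added example, not code from this thread or from the Mondrian or Pentaho projects: a dynamic schema processor that fills the {gid} and {uid} placeholders of the MemberGrant from the server-side Pentaho session and refuses any value that could alter the schema XML or the member name. The class name, the "gid" session attribute and the allowlist pattern are assumptions made for illustration.

```java
import java.io.InputStream;
import java.util.regex.Pattern;

import mondrian.olap.Util;
import mondrian.spi.impl.FilterDynamicSchemaProcessor;

import org.pentaho.platform.api.engine.IPentahoSession;
import org.pentaho.platform.engine.core.system.PentahoSessionHolder;

/** Hypothetical processor; enable with ;DynamicSchemaProcessor=<fully qualified class name>; */
public class RoleParamSchemaProcessor extends FilterDynamicSchemaProcessor {

    // Assumed allowlist: excludes XML metacharacters (< > & ") and the MDX
    // bracket characters, so a value cannot close the attribute or the member
    // name and widen the grant.
    private static final Pattern SAFE_ID = Pattern.compile("[A-Za-z0-9_-]{1,64}");

    @Override
    protected String filter(String schemaUrl, Util.PropertyList connectInfo,
                            InputStream stream) throws Exception {
        // The parent class reads the schema file into a String.
        String schema = super.filter(schemaUrl, connectInfo, stream);

        // Identity comes from the authenticated session, never from values the
        // client can put into the connect string.
        IPentahoSession session = PentahoSessionHolder.getSession();
        if (session == null) {
            throw new SecurityException("no Pentaho session; refusing to build schema");
        }
        String uid = requireSafe("uid", session.getName());
        // Assumption: a login hook stored the user's group id under "gid".
        String gid = requireSafe("gid", session.getAttribute("gid"));

        return schema.replace("{gid}", gid).replace("{uid}", uid);
    }

    /** Fails closed: a missing or malformed value aborts schema creation. */
    private static String requireSafe(String name, Object value) {
        String s = (value == null) ? null : value.toString();
        if (s == null || !SAFE_ID.matcher(s).matches()) {
            throw new SecurityException("unsafe or missing value for " + name);
        }
        return s;
    }
}
```

Throwing instead of substituting a default keeps a session without a valid group or user id from receiving any schema at all.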