[Mondrian] Roles with parameters for members
Paul Stoellberger
p.stoellberger at gmail.com
Fri Dec 7 11:05:26 EST 2012
Well thats easy then, I guess I would use the dynamic schema processor as its the easiest / simplest way.
You can access the Pentaho Session (for name + roles) like that:
IPentahoSession session = PentahoSessionHolder.getSession();
Authentication auth = SecurityHelper.getAuthentication(session, false);
GrantedAuthority[] gAuths = auth.getAuthorities();
String role name = gAuths[index].getAuthority();
As for the programmatic role its a bit more complicated.
You will have to extend the MDXConnection and edit the pentahoObjects.spring.xml to use your mdx connection.
Your custom one can then set a programmatic role that you implemented and that has the methods you wish.
Good luck!
-Paul
On Dec 7, 2012, at 4:52 PM, Nizar Mabroukeh wrote:
> Thank you, I am using Pentaho.
>
> Nizar
>
>
>
> On Fri, Dec 7, 2012 at 10:47 AM, Paul Stoellberger <p.stoellberger at gmail.com> wrote:
> You can use a dynamic schema processor to add that role grant to the schema upon initialization.
> Just implement the DynamicSchemaProcessor interface in a custom class, put it on the classpath and use the connection property: ;DynamicSchemaProcessor=my.custom.DSP;
>
>
> Alternatively you can use a programmatic role that can check x, y, z in the according role methods:
>
> @Override
> public Access getAccess(Member member) {};
>
> Are you using mondrian directly or pentaho?
>
> -Paul
>
>
> On Dec 7, 2012, at 4:36 PM, Nizar Mabroukeh wrote:
>
>> I am trying to implement parametrized roles, such that a mondrian user can pass parameters in addition to passing the role when establishing a connection.
>>
>> In the schema, I have something that looks like this:
>> <role name="GenericSalesPerson">
>> <CubeGrant cube="Customers" access="all">
>> <HierarchyGrant hierarchy="Security" topLevel="GID" bottomLevel="UID" access="custom">
>> <MemberGrant member="[Security].[{gid}],[{uid}]" access="all">
>> </MemberGrant>
>> </HierarchyGrant>
>> </CubeGrant>
>> ...
>> </role>
>>
>> As you can see I am trying to limit the role's access to the cube based on a degenerate security dimension, so the user can only see data that have his own groupId and UserId.
>> I want the ability to retrieve the role after establishing connection by using schema.getRole(), resolve the parameters in the role (the {gid} and {uid}) to their provided values, then set the connection role using connection.setRole() for these changes to take effect. It will be great if I can retrieve the role as XML and process it. I am using Mondrian 3.3.0 and I do not see any such methods in the API to retrieve role as XML.
>> Any help or directions? much appreciated.
>>
>>
>> Nizar
>>
>> _______________________________________________
>> Mondrian mailing list
>> Mondrian at pentaho.org
>> http://lists.pentaho.org/mailman/listinfo/mondrian
>
>
> _______________________________________________
> Mondrian mailing list
> Mondrian at pentaho.org
> http://lists.pentaho.org/mailman/listinfo/mondrian
>
>
> _______________________________________________
> Mondrian mailing list
> Mondrian at pentaho.org
> http://lists.pentaho.org/mailman/listinfo/mondrian
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.pentaho.org/pipermail/mondrian/attachments/20121207/9a28f862/attachment-0001.html
More information about the Mondrian
mailing list