[Mondrian] Roles with parameters for members

Luc Boudreau lucboudreau at gmail.com
Sat Dec 8 09:54:57 EST 2012


You are right. Using the DSP will segment your cache in as many segments as
there are schemas. Programmatic roles are recommended.

Luc
On Dec 7, 2012 11:15 AM, "Nizar Mabroukeh" <
nmabroukeh at crosscommercemedia.com> wrote:

> Thank you for the elaborate help.
> I was actually planning to extend MDXConnection and PentahoXmlaServlet
> because I am using XMLA calls to Mondrian. But the DSP looks tempting.
> Won't it degrade the cache performance, though? I remember I read somewhere
> in Jira that using DSP is discouraged.
>
>  Nizar
>
>
>
> On Fri, Dec 7, 2012 at 11:05 AM, Paul Stoellberger <
> p.stoellberger at gmail.com> wrote:
>
>> Well, that's easy then. I guess I would use the dynamic schema processor, as
>> it's the easiest / simplest way.
>> You can access the Pentaho Session (for name + roles) like that:
>> IPentahoSession session = PentahoSessionHolder.getSession();
>> Authentication auth = SecurityHelper.getAuthentication(session, false);
>> GrantedAuthority[] gAuths = auth.getAuthorities();
>> String roleName = gAuths[index].getAuthority();
>>
>> As for the programmatic role, it's a bit more complicated.
>> You will have to extend the MDXConnection and edit the
>> pentahoObjects.spring.xml to use your mdx connection.
>> Your custom one can then set a programmatic role that you implemented and
>> that has the methods you wish.
>>
>>
>> Good luck!
>>
>> -Paul
>>
>>
>> On Dec 7, 2012, at 4:52 PM, Nizar Mabroukeh wrote:
>>
>> Thank you, I am using Pentaho.
>>
>> Nizar
>>
>>
>>
>> On Fri, Dec 7, 2012 at 10:47 AM, Paul Stoellberger <
>> p.stoellberger at gmail.com> wrote:
>>
>>> You can use a dynamic schema processor to add that role grant to the
>>> schema upon initialization.
>>> Just implement the DynamicSchemaProcessor interface in a custom class,
>>> put it on the classpath and use the connection property: ;
>>> DynamicSchemaProcessor=my.custom.DSP;
>>>
>>>
>>> Alternatively you can use a programmatic role that can check x, y, z in
>>> the according role methods:
>>>
>>>   @Override
>>>   public Access getAccess(Member member) {};
>>>
>>> Are you using Mondrian directly or Pentaho?
>>>
>>> -Paul
>>>
>>>
>>> On Dec 7, 2012, at 4:36 PM, Nizar Mabroukeh wrote:
>>>
>>> I am trying to implement parametrized roles, such that a Mondrian user
>>> can pass parameters in addition to passing the role when establishing a
>>> connection.
>>>
>>> In the schema, I have something that looks like this:
>>> <role name="GenericSalesPerson">
>>>       <CubeGrant cube="Customers" access="all">
>>>         <HierarchyGrant hierarchy="Security" topLevel="GID"
>>> bottomLevel="UID" access="custom">
>>>           <MemberGrant member="[Security].[{gid}],[{uid}]" access="all">
>>>           </MemberGrant>
>>>         </HierarchyGrant>
>>>       </CubeGrant>
>>> ...
>>> </role>
>>>
>>> As you can see I am trying to limit the role's access to the cube based
>>> on a degenerate security dimension, so the user can only see data that have
>>> his own groupId and UserId.
>>> I want the ability to retrieve the role after establishing connection by
>>> using schema.getRole(), resolve the parameters in the role (the {gid} and
>>> {uid}) to their provided values, then set the connection role using
>>> connection.setRole() for these changes to take effect. It will be great if
>>> I can retrieve the role as XML and process it. I am using Mondrian 3.3.0
>>> and I do not see any such methods in the API to retrieve role as XML.
>>> Any help or directions? Much appreciated.
>>>
>>>
>>> Nizar
>>>
>>> _______________________________________________
>>> Mondrian mailing list
>>> Mondrian at pentaho.org
>>> http://lists.pentaho.org/mailman/listinfo/mondrian
>
>
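The dynamic schema processor route discussed in this thread comes down to filling the {gid} and {uid} placeholders in the schema text before Mondrian parses it. The class below is an added example, not code from any of the posters or from Mondrian: RoleTemplateResolver and its methods are hypothetical names, and it assumes the two ids come from the authenticated server-side session and are short alphanumeric tokens.

```java
import java.util.regex.Pattern;

public final class RoleTemplateResolver {
    // Assumption: ids are short alphanumeric tokens. Rejecting everything else means a
    // value can never close the [...] member name or the enclosing XML attribute.
    private static final Pattern SAFE_ID = Pattern.compile("[A-Za-z0-9_-]{1,64}");

    private static String requireSafe(String name, String value) {
        if (value == null || !SAFE_ID.matcher(value).matches()) {
            throw new IllegalArgumentException("rejected " + name + " for role template");
        }
        return value;
    }

    // Hypothetical helper: a DynamicSchemaProcessor would call this on the schema text.
    public static String resolve(String schemaXml, String gid, String uid) {
        // Fail closed: a schema without both placeholders is not the expected template.
        if (!schemaXml.contains("{gid}") || !schemaXml.contains("{uid}")) {
            throw new IllegalStateException("schema has no {gid}/{uid} placeholders");
        }
        return schemaXml.replace("{gid}", requireSafe("gid", gid))
                        .replace("{uid}", requireSafe("uid", uid));
    }

    public static void main(String[] args) {
        // Constructed input, based on the MemberGrant line in the original question.
        String template =
            "<MemberGrant member=\"[Security].[{gid}],[{uid}]\" access=\"all\"/>";
        System.out.println(resolve(template, "42", "1001"));
        try {
            // Constructed value with ] and " characters, which the allow-list refuses.
            resolve(template, "42", "1001]\"");
        } catch (IllegalArgumentException e) {
            System.out.println("refused: " + e.getMessage());
        }
    }
}
```

Each distinct gid/uid pair yields a different schema text, which is the cache segmentation Luc describes at the top of the thread.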