[Mondrian] Roles with parameters for members

Nizar Mabroukeh nmabroukeh at crosscommercemedia.com
Wed Dec 26 14:00:40 EST 2012


What class sets the authentication values? I am trying to pull some other
values from pentaho repository into the session besides the principalName
and principalRoles. I cannot seem to find where in pentaho code the
repository is queried for principalRoles and such.

Any help is appreciated. Thank you.

Nizar



On Fri, Dec 7, 2012 at 11:05 AM, Paul Stoellberger <p.stoellberger at gmail.com
> wrote:

> Well thats easy then, I guess I would use the dynamic schema processor as
> its the easiest / simplest way.
> You can access the Pentaho Session (for name + roles) like that:
> IPentahoSession session = PentahoSessionHolder.getSession();
> Authentication auth = SecurityHelper.getAuthentication(session, false);
> GrantedAuthority[] gAuths = auth.getAuthorities();
> String role name = gAuths[index].getAuthority();
>
> As for the programmatic role its a bit more complicated.
> You will have to extend the MDXConnection and edit the
> pentahoObjects.spring.xml to use your mdx connection.
> Your custom one can then set a programmatic role that you implemented and
> that has the methods you wish.
>
>
> Good luck!
>
> -Paul
>
>
> On Dec 7, 2012, at 4:52 PM, Nizar Mabroukeh wrote:
>
> Thank you, I am using Pentaho.
>
> Nizar
>
>
>
> On Fri, Dec 7, 2012 at 10:47 AM, Paul Stoellberger <
> p.stoellberger at gmail.com> wrote:
>
>> You can use a dynamic schema processor to add that role grant to the
>> schema upon initialization.
>> Just implement the DynamicSchemaProcessor interface in a custom class,
>> put it on the classpath and use the connection property: ;
>> DynamicSchemaProcessor=my.custom.DSP;
>>
>>
>> Alternatively you can use a programmatic role that can check x, y, z in
>> the according role methods:
>>
>>   @Override
>>   public Access getAccess(Member member) {};
>>
>> Are you using mondrian directly or pentaho?
>>
>> -Paul
>>
>>
>> On Dec 7, 2012, at 4:36 PM, Nizar Mabroukeh wrote:
>>
>> I am trying to implement parametrized roles, such that a mondrian user
>> can pass parameters in addition to passing the role when establishing a
>> connection.
>>
>> In the schema, I have something that looks like this:
>> <role name="GenericSalesPerson">
>>       <CubeGrant cube="Customers" access="all">
>>         <HierarchyGrant hierarchy="Security" topLevel="GID"
>> bottomLevel="UID" access="custom">
>>           <MemberGrant member="[Security].[{gid}],[{uid}]" access="all">
>>           </MemberGrant>
>>         </HierarchyGrant>
>>       </CubeGrant>
>> ...
>> </role>
>>
>> As you can see I am trying to limit the role's access to the cube based
>> on a degenerate security dimension, so the user can only see data that have
>> his own groupId and UserId.
>> I want the ability to retrieve the role after establishing connection by
>> using schema.getRole(), resolve the parameters in the role (the {gid} and
>> {uid}) to their provided values, then set the connection role using
>> connection.setRole() for these changes to take effect. It will be great if
>> I can retrieve the role as XML and process it. I am using Mondrian 3.3.0
>> and I do not see any such methods in the API to retrieve role as XML.
>> Any help or directions? much appreciated.
>>
>>
>> Nizar
>>
>> _______________________________________________
>> Mondrian mailing list
>> Mondrian at pentaho.org
>> http://lists.pentaho.org/mailman/listinfo/mondrian
>>
>>
>>
>> _______________________________________________
>> Mondrian mailing list
>> Mondrian at pentaho.org
>> http://lists.pentaho.org/mailman/listinfo/mondrian
>>
>>
> _______________________________________________
> Mondrian mailing list
> Mondrian at pentaho.org
> http://lists.pentaho.org/mailman/listinfo/mondrian
>
>
>
> _______________________________________________
> Mondrian mailing list
> Mondrian at pentaho.org
> http://lists.pentaho.org/mailman/listinfo/mondrian
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.pentaho.org/pipermail/mondrian/attachments/20121226/a6a1a061/attachment.html 


More information about the Mondrian mailing list