[Mondrian] Row-level Security
nmabroukeh at crosscommercemedia.com
Wed Jan 2 12:38:42 EST 2013
Thank you Luc and Pedro.
Isn't it better to simply push RLS to the sql level, bypassing role level?
I am thinking of the following scenario:
1- Each row in the fact table and most dimension tables in the data
warehouse is already secured by a user key.
2- Mondrian needs to use this user key in its outgoing sql statements such
that only data that this user is allowed to see gets pulled out of the DB,
2a- Mondrian will need to get the user key from authentication system (or
2b- push it down to its SQL layer to be used in sql queries against the
I think that Mondrian cache should also be made aware of this, maybe by
tagging data in the cache as being owned by a certain user key.
Conceptually, this is what RLS is about, and the described scenario is a
more direct implementation of it. This implementation also avoids all the
hassle and overhead of programmatic roles or dynamic schema processors.
On Wed, Jan 2, 2013 at 11:39 AM, Luc Boudreau <lucboudreau at gmail.com> wrote:
> This should help you get started. (
> Note that in multi-tenant situations, we recommend using programmatic
> roles instead. (
> http://devdonkey.blogspot.ca/2012/09/programmatic-roles-in-mondrian.html )
> Good luck
> On Wed, Jan 2, 2013 at 11:15 AM, Pedro Alves <pmgalves at gmail.com> wrote:
>> Roles == RLS....
>> On Wed 02 Jan 2013 04:08:49 PM WET, Nizar Mabroukeh wrote:
>> > Hi there everyone, happy new year 2013!
>> > Are there any success stories or showcases in which row-level security
>> > (RLS) is implemented with Mondrian?
>> > We are trying to use Mondrian in a multi-user and multi-tenant
>> > environment. Using only role or cell-level security does not really
>> > cut it for us, I see the need for RLS in Mondrian is getting more
>> > urgent. Any feedback on this?
>> > Thank you and regards,
>> > Nizar Mabroukeh
>> > http://www.cs.uwindsor.ca/~mabrouk
>> > _______________________________________________
>> > Mondrian mailing list
>> > Mondrian at pentaho.org
>> > http://lists.pentaho.org/mailman/listinfo/mondrian
>> Mondrian mailing list
>> Mondrian at pentaho.org
> Mondrian mailing list
> Mondrian at pentaho.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Mondrian