[Mondrian] base cube role restriction, impact on virtual cube

Julian Hyde jhyde at pentaho.com
Thu Jul 25 17:37:20 EDT 2013

I always liked the fact that in a DBMS one could control access to a table by creating a view and only giving access to the view. Queries that use the view would succeed, and queries that use the underlying table directly would fail.

I would like a similar model of access-control in Mondrian. So, in Mondrian 3 we should allow people to access a virtual cube even if they cannot access all of the underlying cubes.

In Mondrian 4 a similar situation cannot arise, but if we were to introduce something similar to Microsoft's "perspective cubes", I would use the same access-control model.


On Jul 25, 2013, at 8:25 AM, Matt Campbell <mcampbell at pentaho.com> wrote:

> I'm looking at a defect right now involving a role with no access to two
> base cubes, but unrestricted on the virtual cube in which the cubes
> appear.  The role does not restrict access to the data in those two
> cubes when accessed via the virtual cube.  This is arguably correct
> behavior, in that the designer of the virtual cube may have specifically
> thought about what should be accessible from the underlying base cubes
> and intentionally left it accessible.  I'm curious to hear what others
> think.
> The actual error in the defect is a NPE when ValidMeasure() resolves the
> base cube one of the measures is on.   getCubes() only returns the cubes
> accessible to the role.  If the current virtual cube role behavior is
> correct then I think we'll need to find some way of looking up the full
> set of base cubes in the virtual cube, even if in a restricted role.
> I haven't tried yet, but I'm betting this is a non-issue in 4.0 since
> virtual cubes have gone away.
> _______________________________________________
> Mondrian mailing list
> Mondrian at pentaho.org
> http://lists.pentaho.org/mailman/listinfo/mondrian

More information about the Mondrian mailing list