[Mondrian] Cross-dimension role based security
Matt Campbell
mcampbell at pentaho.com
Tue Mar 19 09:24:50 EDT 2013
MONDRIAN-1257<http://jira.pentaho.com/browse/MONDRIAN-1257> describes a currently unsupported use case in which a restriction on one dimension impacts the members available in another dimension. For example, if I define a role with access to only a single member of the [Market] dimension, I'd like to also restrict the [Customer] dimension down to just those members that have data within the permitted [Market] member.
I'm curious what people think about this. I have a couple half- baked thoughts:
1) Allow MDX sets within role definitions. This could allow a filter definition to restrict Customers who have data within a Market. SSAS allows member set restrictions like this.
2) Enforce restrictions based on relationships within a dimension. If Market and Customer were both attributes within a single dimension, and there was a defined relationship between the two attributes (e.g. each customer is in exactly one market), then Mondrian could implicitly restrict customer based on market.
The expectation in the ticket is that the customer restriction would just happen. I'm not sure that's practical, though--automatically handling cross-dim restrictions seems like a huge overhead, since we'd need to effectively fire native non empty queries for each dimension. We wouldn't know up front what relationships are relevant.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.pentaho.org/pipermail/mondrian/attachments/20130319/09708f11/attachment.html
More information about the Mondrian
mailing list