Hitachi Vantara Pentaho Community Forums
Results 1 to 2 of 2

Thread: Establishing security in a cube filtering a database table

  1. #1
    Join Date
    Aug 2011
    Posts
    8

    Default Establishing security in a cube filtering a database table

    Hello people.

    I hope you can help me with this, I need to implement a cube.

    I have a cube which should restrict the display to the user. The user can only view the data in the area to which it belongs.

    The user-area ralationship is a table of the database. While the fact table is indexed with the id of the area and the cube has a dimension area.

    My idea is to get this area at login user and pass it as a parameter to the scheme and apply the definition of roles within the scheme.

    But not like it and did not find any examples of this type. Someone can guide me with this?

    From already thank you.

  2. #2
    Join Date
    Dec 2010
    Posts
    304

    Default

    Hi adri36,

    unfortunately in the schema you have to create a specific role for each area.
    Then you can create an xaction (that will run at session startup) to get the area belonging to the logged user and set the session variable containing the Mondrian role.

    xaction code (modify query and database connection according your needs):

    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <action-sequence> 
      <name>SetMondrianRole.xaction</name>
      <title>SetMondrianRole</title>
      <version>1</version>
      <logging-level>debug</logging-level>
      <documentation> 
        <author/>  
        <description/>  
        <help/> 
      </documentation>
    
      <inputs> 
        <username type="string"> 
          <sources> 
            <session>name</session> 
          </sources> 
        </username> 
      </inputs>
    
      <outputs> 
        <role type="string"> 
          <destinations> 
            <session>role</session> 
          </destinations> 
        </role> 
      </outputs>
    
      <resources/>
      
      <actions> 
        <action-definition> 
          <component-name>SQLLookupRule</component-name>
          <action-type>Get area by username</action-type>
          <action-inputs> 
            <username type="string"/> 
          </action-inputs>
          <action-outputs> 
            <query-result type="result-set" mapping="queryResult"/> 
          </action-outputs>
          <component-definition> 
            <query><![CDATA[SELECT area
    FROM user_area_table 
    WHERE user = {PREPARE:username}]]></query>  
            <live><![CDATA[false]]></live>  
            <jndi><![CDATA[myJNDI]]></jndi>
          </component-definition> 
        </action-definition>
      
        <action-definition> 
          <component-name>JavascriptRule</component-name>
          <action-type>Create role variable</action-type>
          <action-inputs> 
            <queryResult type="result-set"/> 
          </action-inputs>
          <action-outputs> 
            <role type="string"/> 
          </action-outputs>
          <component-definition> 
            <script><![CDATA[var role = queryResult.getValueAt(0,0).toString();]]></script> 
          </component-definition> 
        </action-definition>
     
      </actions> 
    </action-sequence>
    In pentaho-solutions/system/sessionStartupActions.xml put "yourSolution/SetMondrianRole.xaction" as value of the "actionPath" properties.

    In pentaho-solutions/system/pentahoObjects.spring.xml uncomment the bean Mondrian-UserRoleMapper and put "role" as value of "sessionProperty":

    Code:
    <bean id="Mondrian-UserRoleMapper" 
            name="Mondrian-SampleUserSession-UserRoleMapper" 
            class="org.pentaho.platform.plugin.action.mondrian.mapper.MondrianUserSessionUserRoleListMapper" 
            scope="singleton">
          <property name="sessionProperty" value="role" />
      </bean>
    Obviously area and its role in Mondrian schema must have the same name.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Privacy Policy | Legal Notices | Safe Harbor Privacy Policy

Copyright © 2005 - 2019 Hitachi Vantara Corporation. All Rights Reserved.