To restrict data access based on logged in user I should:
1. define system action that would put a username into a session variable
2. put this xaction into sessionStartupActions.xml
3. define row level constraints in Metadata Editor for adhoc reports
4. define roles in Schema Workbench for analysis
5. define Mondrian-UserRoleMapper in pentahoObjects.spring.xml for logged user to schema role mapping
and that should give me complete row-level security working solution or am I missing something?