Mondrian Role Mapping in the Pentaho Server
The role mapper connects user role restrictions defined in a Mondrian schema to user roles defined in the Pentaho Server. This enables BI developers to set schema access controls in a single place, rather than in many places across different parts of Business Analytics. If you do not configure the role mapper, then none of the roles defined in your schema will restrict access in the Pentaho Server.
The role mapper is configured through the Pentaho Server in the /pentaho-solutions/system/pentahoObjects.spring.xml file. There are three mapper implementations available, each with disabled example configurations in pentahoObjects.spring.xml.
The Mondrian One-To-One UseRoleMapper
The Mondrian-One-To-One-UserRoleMapper maps each role name in the Pentaho Server to roles defined in the OLAP schema. Therefore, the mapper assumes that the roles defined in your OLAP schema are mirrored in the Pentaho Server. For example, if you have a role called "CTO" in your schema, and a role called "CTO" in the Pentaho Server, this role mapper would be appropriate.
<bean id="Mondrian-UserRoleMapper" name="Mondrian-One-To-One-UserRoleMapper" class="org.pentaho.platform.plugin.action.mondrian.mapper.MondrianOneToOneUserRoleListMapper" scope="singleton" />
The Mondrian SampleLookupMap UserRoleMapper
This mapper provides a translation table (in the form of a <map> element) to associate Pentaho Server roles with OLAP schema roles. The lookups take the form of key/value pairs where the key is the Pentaho Server's Business Analytics role, and the value is the OLAP schema role. In the example below, the "ceo" role in the Pentaho Server maps to the "California manager" role in the schema.
<bean id="Mondrian-UserRoleMapper" name="Mondrian-SampleLookupMap-UserRoleMapper" class="org.pentaho.platform.plugin.action.mondrian.mapper. MondrianLookupMapUserRoleListMapper" scope="singleton"> <property name="lookupMap"> <map> <entry key="ceo" value="California manager" /> <entry key="cto" value="M_CTO" /> <entry key="dev" value="M_DEV" /> </map> </property> </bean>
The Mondrian SampleUserSession UserRoleMapper
This mapper retrieves OLAP schema roles from a named HTTP session variable. In the below example, the session is stored in a variable called MondrianUserRoles.
<bean id="Mondrian-UserRoleMapper" name="Mondrian-SampleUserSession-UserRoleMapper" class="org.pentaho.platform.plugin.action.mondrian.mapper. MondrianUserSessionUserRoleListMapper" scope="singleton"> <property name="sessionProperty" value="MondrianUserRoles" /> </bean>