Skip to main content

Pentaho+ documentation has moved!

The new product documentation portal is here. Check it out now at docs.hitachivantara.com

 

Hitachi Vantara Lumada and Pentaho Documentation

Mondrian role mapping in the Pentaho Server

Parent article

The role mapper connects user role restrictions defined in a Mondrian schema to user roles defined in the Pentaho Server. This enables BI developers to set schema access controls in a single place, rather than in many places across different parts of Business Analytics. If you do not configure the role mapper, then none of the roles defined in your schema will restrict access in the Pentaho Server.

The role mapper is configured through the Pentaho Server in the pentaho-solutions/system/pentahoObjects.spring.xml file. There are three mapper implementations available, each with disabled example configurations in pentahoObjects.spring.xml.

The Mondrian One-To-One UseRoleMapper

The Mondrian-One-To-One-UserRoleMapper maps each role name in the Pentaho Server to roles defined in the OLAP schema. Therefore, the mapper assumes that the roles defined in your OLAP schema are mirrored in the Pentaho Server. For example, if you have a role called CTO in your schema, and a role called CTO in the Pentaho Server, this role mapper would be appropriate.

<bean id="Mondrian-UserRoleMapper"
name="Mondrian-One-To-One-UserRoleMapper"
class="org.pentaho.platform.plugin.action.mondrian.mapper​.MondrianOneToOneUserRoleListMapper"
scope="singleton" />

The Mondrian-SampleLookupMap-UserRoleMapper

This mapper provides a translation table (in the form of a <map> element) to associate Pentaho Server roles with OLAP schema roles. The lookups take the form of key/value pairs where the key is the Pentaho Server's Business Analytics role, and the value is the OLAP schema role. In the example below, the ceo role in the Pentaho Server maps to the California manager role in the schema.

<bean id="Mondrian-UserRoleMapper"
        name="Mondrian-SampleLookupMap-UserRoleMapper"
        class="org.pentaho.platform.plugin.action.mondrian.mapper.
        MondrianLookupMapUserRoleListMapper"
        scope="singleton">
    <property name="lookupMap">
        <map>
            <entry key="ceo" value="California manager" />
            <entry key="cto" value="M_CTO" />
            <entry key="dev" value="M_DEV" />
        </map>
    </property>
</bean>

The Mondrian-SampleUserSession-UserRoleMapper

This mapper retrieves OLAP schema roles from a named HTTP session variable. In the below example, the session is stored in a variable called MondrianUserRoles.

<bean id="Mondrian-UserRoleMapper"
    name="Mondrian-SampleUserSession-UserRoleMapper"
    class="org.pentaho.platform.plugin.action.mondrian.mapper.
    MondrianUserSessionUserRoleListMapper"
    scope="singleton">
        <property name="sessionProperty" value="MondrianUserRoles" />
</bean>