Applying dynamic security in Mondrian

David Fombella Pombal http://anonymousbi.wordpress.com

@Pentaho_Fan

Applying dynamic security in Mondrian 2

About me

Simple Scenario

Complex Scenario

Introduction

Solution 1: Roles created using ETL

Solution 2: Dynamic Security

Applying dynamic security in Mondrian

Applying dynamic security in Mondrian 3

About Me

Simple Scenario

Complex Scenario

Introduction

Solution 1: Roles created using ETL

Solution 2: Dynamic Security

Applying dynamic security in Mondrian

Applying dynamic security in Mondrian 4

David Fombella PombalBI Consultant, Technical Developmental Editor and Pentaho Community Guy

About me

Applying dynamic security in Mondrian 5

About Me

Simple Scenario

Complex Scenario

Introduction

Solution 1: Roles created using ETL

Solution 2: Dynamic Security

Applying dynamic security in Mondrian

Applying dynamic security in Mondrian 6

Introduction•Mondrian is an open source ROLAP server written in Java

•Reads from JDBC data sources

•Implements the MDX language

•Supports the XML for Analysis and olap4j interface specifications.

•Included in Pentaho suite

Applying dynamic security in Mondrian 7

Introduction•Mondrian allows role based data access

•Each user is assigned one or more roles

•Data access rules are set on the schema file

Applying dynamic security in Mondrian 8

About Me

Simple Scenario

Complex Scenario

Introduction

Solution 1: Roles created using ETL

Solution 2: Dynamic Security

Applying dynamic security in Mondrian

Applying dynamic security in Mondrian 9

Simple Scenario•President has access to full data

•Country manager has access to a specific country

•A few roles are required

•Roles are created and assigned manually

•Access rules are edited by hand in XML file

Applying dynamic security in Mondrian 10

About me

Simple Scenario

Complex Scenario

Introduction

Solution 1: Roles created using ETL

Solution 2: Dynamic Security

Applying dynamic security in Mondrian

Applying dynamic security in Mondrian 11

Complex Scenario•Case in Hand: PentahoFan fictitious company

•International multi-channel retailer

•Collects sales data from all its stores

•Needs to limit data visibility per user/role

•Stores distributed over five continents

•4 categories of users : President, Continent Manager, Country Manager and Store Manager

•Over 8000 stores

Applying dynamic security in Mondrian 12

First reaction

Panic!

Applying dynamic security in Mondrian 13

Problem description•Users and Security information will be stored in 2 database tables (users, users_scope)

usersu_userid

usersu_username

1 President

2 EuropeManager

3 NorthAmericaManager

4 AfricaManager

16 SpainManager

20 USManager

21 EgyptManager

50 Store1Manager

58 Store7Manager

59 Store8Manager

users_scopes_userid

users_scopes_storeid

1 1

1 2

1 100

2 1

2 2

2 3

16 1

16 2

50 1

58 7

Applying dynamic security in Mondrian 14

Dimensions Measures

Problem description

•Quantity

•Amount

Applying dynamic security in Mondrian 15

Easy to use +Open Source +BI Solution =Pentaho andMondrian!

Searching

Applying dynamic security in Mondrian 16

About me

Simple Scenario

Complex Scenario

Introduction

Solution 1: Roles created using ETL

Solution 2: Dynamic Security

Applying dynamic security in Mondrian

Applying dynamic security in Mondrian 17

Solution 1: Roles created using ETL•Add Roles to a Mondrian schema template using a Kettle Transformation

Applying dynamic security in Mondrian 18

Solution 1: Roles created using ETL

Problems:

•Performance issues

•ETL execution required if a new store opens

•Cube up to date?

Applying dynamic security in Mondrian 19

About Me

Simple Scenario

Complex Scenario

Introduction

Solution 1: Roles created using ETL

Solution 2: Dynamic Security

Applying dynamic security in Mondrian

Applying dynamic security in Mondrian 20

Solution 2: Dynamic Security

Dynamic Schema Processor

•Restricting data using a dynamic schema processor (DSP)

•Prior to Mondrian using the schema, the DSP can modify the schema.

Applying dynamic security in Mondrian 21

Time to code

Java +Eclipse IDE =Perfect combination!

Applying dynamic security in Mondrian 22

Solution 2: Dynamic Security

Applying dynamic security in Mondrian 23

Solution 2: Dynamic Security•Restricting data in store dimension using SQL view

Applying dynamic security in Mondrian 24

Solution 2: Dynamic Security

•Sales Cube using a SQL view

Applying dynamic security in Mondrian 25

Solution 2: Dynamic Security

Benefits:

• Nice Performance

• Updated cube

• Go live

Applying dynamic security in Mondrian 26

The End