saiku角色权限控制
-
tomcat/webapps/saiku/WEB-INF/classes/saiku-datasources/your-cube文件中
# some security configuration for roles, first enable it security.enabled=true # there are 3 different types of security: # "one2one" (try and map spring user roles to mondrian roles), # "mapping" (define the mapping of spring and mondrian roles manually) # "passthrough" (will pass username + password of logged in user to connection, e.g. jdbc user + password) security.type=one2one # security.type=mapping # security.mapping=springRole=mondrianRole1;springRole2=mondrianRole2
-
tomcat/webapps/saiku/WEB-INF/users.properties
admin=abcdefg,ROLE_USER,ROLE_ADMIN chenfan=1234567,ROLE_FINANCE xiaoqiuying=520520,ROLE_FINANCE
-
cube的schema文件里,仿FoodMart.xml里的最后一段:
<!-- A California manager can only see customers and stores in California. They cannot drill down on Gender. --> <Role name="California manager"> <SchemaGrant access="none"> <CubeGrant cube="Sales" access="all"> <HierarchyGrant hierarchy="[Store]" access="custom" topLevel="[Store].[Store Country]"> <MemberGrant member="[Store].[USA].[CA]" access="all"/> <MemberGrant member="[Store].[USA].[CA].[Los Angeles]" access="none"/> </HierarchyGrant> <HierarchyGrant hierarchy="[Customers]" access="custom" topLevel="[Customers].[State Province]" bottomLevel="[Customers].[City]"> <MemberGrant member="[Customers].[USA].[CA]" access="all"/> <MemberGrant member="[Customers].[USA].[CA].[Los Angeles]" access="none"/> </HierarchyGrant> <HierarchyGrant hierarchy="[Gender]" access="none"/> </CubeGrant> </SchemaGrant> </Role> <Role name="No HR Cube"> <SchemaGrant access="all"> <CubeGrant cube="HR" access="none"/> </SchemaGrant> </Role>
Done!