saiku角色权限控制

  1. tomcat/webapps/saiku/WEB-INF/classes/saiku-datasources/your-cube文件中

    # some security configuration for roles, first enable it
    # (this switch sits in the per-data-source file, so set it in every data source that needs role checks)
    security.enabled=true
    
    # there are 3 different types of security:
    # "one2one" (try and map spring user roles to mondrian roles),
    # "mapping" (define the mapping of spring and mondrian roles manually)
    # "passthrough" (will pass username + password of logged in user to connection, e.g. jdbc user + password)
    #
    # NOTE(review): with "one2one" the Spring role name (a ROLE_* entry in users.properties) presumably
    # has to equal a <Role name="..."> in the cube schema; confirm this, and check what a user whose
    # roles match no Mondrian role is allowed to see before relying on it as an access control.
    # NOTE(review): with "passthrough" the login password doubles as the data source password, so
    # access then depends on how those database accounts are scoped.
    
    security.type=one2one
    
    # Alternative: explicit role mapping, one springRole=mondrianRole pair per ';'-separated entry.
    # security.type=mapping
    # security.mapping=springRole=mondrianRole1;springRole2=mondrianRole2
    
  2. tomcat/webapps/saiku/WEB-INF/users.properties

    # Each entry reads username=password,ROLE[,ROLE...] (layout as shown by the lines below).
    # NOTE(review): the passwords are kept in clear text and the values below are short sample
    # strings; replace them before deployment and restrict read access to this file.
    # NOTE(review): the role names listed here are what security.type=one2one would try to match
    # against Mondrian role names; ROLE_FINANCE presumably needs a schema <Role> of the same name.
    admin=abcdefg,ROLE_USER,ROLE_ADMIN
    chenfan=1234567,ROLE_FINANCE
    xiaoqiuying=520520,ROLE_FINANCE
    
  3. 在cube的schema文件里，仿照FoodMart.xml的最后一段定义角色（使用one2one时，Role的name应与users.properties中的角色名相同，例如ROLE_FINANCE）:

    <!-- A California manager can only see customers and stores in California,
         except Los Angeles, which the second MemberGrant in each hierarchy denies.
         They cannot drill down on Gender.
         The role starts from SchemaGrant access="none" and then opens only the
         Sales cube, so cubes that are not granted here stay hidden. -->
    <Role name="California manager">
      <SchemaGrant access="none">
        <CubeGrant cube="Sales" access="all">
          <!-- access="custom": visibility in this hierarchy is decided by the MemberGrant
               children. Mondrian applies member grants in order, so the broad grant on
               [CA] comes first and the narrower deny on [Los Angeles] second. -->
          <HierarchyGrant hierarchy="[Store]" access="custom"
              topLevel="[Store].[Store Country]">
            <MemberGrant member="[Store].[USA].[CA]" access="all"/>
            <MemberGrant member="[Store].[USA].[CA].[Los Angeles]" access="none"/>
          </HierarchyGrant>
          <!-- Same pattern for customers; topLevel and bottomLevel bound the levels
               the role may see, here State Province down to City. -->
          <HierarchyGrant hierarchy="[Customers]" access="custom"
              topLevel="[Customers].[State Province]" bottomLevel="[Customers].[City]">
            <MemberGrant member="[Customers].[USA].[CA]" access="all"/>
            <MemberGrant member="[Customers].[USA].[CA].[Los Angeles]" access="none"/>
          </HierarchyGrant>
          <!-- The Gender hierarchy is hidden from this role entirely. -->
          <HierarchyGrant hierarchy="[Gender]" access="none"/>
        </CubeGrant>
      </SchemaGrant>
    </Role>
    
    <!-- Deny-list style role: SchemaGrant access="all" exposes every cube in the schema
         and only HR is taken away, so a cube added to the schema later is visible to
         this role unless it is denied here as well. -->
    <Role name="No HR Cube">
      <SchemaGrant access="all">
        <CubeGrant cube="HR" access="none"/>
      </SchemaGrant>
    </Role>
    

Done!
