Pentaho Analysis - Mondrian
  1. Pentaho Analysis - Mondrian
  2. MONDRIAN-1168

Level restrictions ignored when dealing with union of multiple roles

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Blocker Blocker
    • Resolution: Fixed
    • Affects Version/s: 3.4.1 GA (4.5.0 GA Suite Release)
    • Component/s: None
    • Labels:
      None
    • Customer Case:
    • Notice:
      When an issue is open, the "Fix Version/s" field conveys a target, not necessarily a commitment. When an issue is closed, the "Fix Version/s" field conveys the version that the issue was fixed in.
    • QA Validation Status:
      Validated by QA

      Description

      This relates to ESR-1931. When multiple roles are in play, Analyzer displays some of the levels for which the user has no access, despite the fact that Mondrian will still block queries from retrieving data at those forbidden levels.

        Activity

        Hide
        Luc Boudreau added a comment -
        Fixed in https://github.com/pentaho/mondrian/commit/7a06d832a9ab1e2ddf5ddfe00e9082c3d56412be

        UnionRoleImpl was not combining level restrictions correctly and was considering un-level-restricted roles in the union with level-restricted ones.

        QA: This can be tested with the repro steps in ESR-1931. I have also created a unit test for this in mondrian.test.AccessControlTest.testRoleUnionWithLevelRestrictions()
        Show
        Luc Boudreau added a comment - Fixed in https://github.com/pentaho/mondrian/commit/7a06d832a9ab1e2ddf5ddfe00e9082c3d56412be UnionRoleImpl was not combining level restrictions correctly and was considering un-level-restricted roles in the union with level-restricted ones. QA: This can be tested with the repro steps in ESR-1931. I have also created a unit test for this in mondrian.test.AccessControlTest.testRoleUnionWithLevelRestrictions()
        Hide
        Li Deng added a comment -
        Testing completed. Testing steps:
        1. Using the schema from the related issue ESR-1031 above.
        2. Create a data connection in PUC. publish the schema to the data connection.
        3. Verify the following:
        - Log as Joe, refresh repository cache, mondrian cache, log out
        - Log as Pat, notice the Markets dimension shows: Territory (topLevel) Country (bottomLevel), State Province and City (these should not show according to the levels restrictions)
        - Double click on Territory it shows APAC
        - Double click on Country itshows: Australia, Singapore, New Zealand
        - Double click on State it shows: "Report has no data"
        Show
        Li Deng added a comment - Testing completed. Testing steps: 1. Using the schema from the related issue ESR-1031 above. 2. Create a data connection in PUC. publish the schema to the data connection. 3. Verify the following: - Log as Joe, refresh repository cache, mondrian cache, log out - Log as Pat, notice the Markets dimension shows: Territory (topLevel) Country (bottomLevel), State Province and City (these should not show according to the levels restrictions) - Double click on Territory it shows APAC - Double click on Country itshows: Australia, Singapore, New Zealand - Double click on State it shows: "Report has no data"

          People

          • Assignee:
            Li Deng
            Reporter:
            Luc Boudreau
          • Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: