  1. Pentaho Analysis - Mondrian
  2. MONDRIAN-1259

Mondrian security: access leaks from one user to another

      Description

      In versions starting with the patch for MONDRIAN-1241 on Sept. 19, we see issues where access leaks from one request to another.

      1) We run query A with role X which has access to member m1
      2) We run query B with role Y which has access to member m2
      3) Query B is run with access to m1 rather than m2

      We have not tested updates to trunk for the last week or so (because of this and other issues).

      https://github.com/pentaho/mondrian/commit/cff0b3da7b72c3f5cf5070ad5b03c5c8d12d09ad

        Attachments

        1. FoodMart.xml (34 kB)
        2. screenshot-1.jpg (83 kB)
        3. screenshot-2.jpg (52 kB)

            People

            • Assignee: ldeng (Li Deng)
            • Reporter: gerweck (Sarah Gerweck)