Dear Mondrian/Pentaho BI server team
I am trying to implement this security options in Mondrian schema and currently am facing issues to get around with it. I am using pentaho biserver 5.0.1 Community edition.
1) Tried Listing 6.3. Lookup-map role mapper configuration by editing pentahoObjects.spring.xml as below (un-commented this portion) and restarted the biserver.<bean id="Mondrian-UserRoleMapper" >name="Mondrian-SampleLookupMap-UserRoleMapper"class="org.pentaho.platform.plugin.action.mondrian.mapper.MondrianLookupMapUserRoleListMapper" scope="singleton"><property name="lookupMap"> <map><entry key="suzy" value="suzy" /><!-- <entry key="ceo" value="M_CEO" /><entry key="cto" value="M_CTO" /><entry key="dev" value="M_DEV" /> --><entry key="Power User" value="Power User" /></map></property></bean>
2) Created a user and role (both) named as suzy in Pentaho. Assigned the user suzy with the role suzy in Pentaho.
3) Designed the Mondrian schema which is working fine when tested through Saiku analytics without adding grants. However when added the following code in Mondrian schema xml file <Role name="suzy">
<SchemaGrant access="none">
</SchemaGrant>
</Role
and while testing through the visualization tool (saiku). the schema doesn't show. Knowing that i have added the following resctriction on my schema.
<Role name="suzy">
<SchemaGrant access="none">
<CubeGrant cube="Client creations" access="all">
<!-- <HierarchyGrant hierarchy="[Store]" access="custom" rollupPolicy="partial" topLevel="[Store].[Store Country]">
<MemberGrant member="[Store].[USA].[CA]" access="all"/>
<MemberGrant member="[Store].[USA].[CA].[Los Angeles]" access="none"/>
</HierarchyGrant>
<HierarchyGrant hierarchy="[Customers]" access="custom" rollupPolicy="full" topLevel="[Customers].[State Province]" bottomLevel="[Customers].[City]">
<MemberGrant member="[Customers].[USA].[CA]" access="all"/>
<MemberGrant member="[Customers].[USA].[CA].[Los Angeles]" access="none"/>
</HierarchyGrant>
<HierarchyGrant hierarchy="[Gender]" access="none"/> -->
</CubeGrant>
</SchemaGrant>
</Role>
Please all i dearly seek your advise
Related
I have my portlet with CRUD-operations (different bundles, services, etc.).
I want to implement custom actions in permission for this portlet.
I create default.xml file:
<?xml version="1.0"?>
<resource-action-mapping>
<portlet-resource>
<portlet-name>com.mypackage.MyPortlet</portlet-name>
<permissions>
<supports>
<action-key>STACKOVERFLOW_ACTION</action-key>
</supports>
</permissions>
</portlet-resource>
</resource-action-mapping>
And create portlet.properties:
include-and-override=portlet-ext.properties
resource.actions.configs=resource-actions/default.xml
The questions is - why do I have nothing in control panel besides default actions life "ADD_TO_PAGE", etc? What am I doing wrong?
UPD:
This varient doesn't work too. =(
<?xml version="1.0"?>
<!DOCTYPE resource-action-mapping PUBLIC "-//Liferay//DTD Resource Action Mapping 7.0.0//EN" "http://www.liferay.com/dtd/liferay-resource-action-mapping_7_0_0.dtd">
<resource-action-mapping>
<model-resource>
<model-name>mypackage.web.portlet.MyPortlet</model-name>
<portlet-ref>
<portlet-name>mypackage_web_portlet_MyPortlet</portlet-name>
</portlet-ref>
<root>true</root>
<weight>1</weight>
<permissions>
<supports>
<action-key>VIEW_TEST</action-key>
</supports>
<site-member-defaults>
<action-key>SUBSCRIBE_TEST</action-key>
</site-member-defaults>
<guest-defaults />
<guest-unsupported>
<action-key>ADD_ENTRY_TEST</action-key>
<action-key>PERMISSIONS_TEST</action-key>
<action-key>SUBSCRIBE_TEST</action-key>
</guest-unsupported>
</permissions>
</model-resource>
You should use the <model-resource> block rather than <portlet-resource>: Portlet-Resource is handled by Liferay (and uses the predefined vocabulary) while your portlet or service introduces its own datatypes, on which you can define your own permissions.
When a new version of an item is created in master database, if we edit the item and save and publish it.The item gets published and web database contains the latest updated version item. But while browsing item is not visible on the website
some $name is visible for the item.
Sometimes the item is not visible and sometimes it is visible with $name.
Also when browsing the item directly through url item is visible with latest updated content,so the item is published.Its seems some problem related with indexing.
But when an item is directly edited without the creating a new version,then the issue doesn't exist.So the issue is with the indexing as well as versions as I guess there will be more than one latest versions for the web index which is creating the problem.
How to fix this issue? As a workaround I have to delete the item from web database and republish and rebuild the index again to solve the issue.
Is there a need to customize the existing indexing and crawler strategy for more than one versions of items?If so which files needs to customize or override and change?"
Here is the code snippet for web indexing for the data items to be displayed?
<!-- sitecore_web_content_mag_index -->
<indexes hint="list:AddIndex">
<index id="sitecore_web_content_mag_index" type="Sitecore.ContentSearch.LuceneProvider.SwitchOnRebuildLuceneIndex, Sitecore.ContentSearch.LuceneProvider">
<param desc="name">$(id)</param>
<param desc="folder">$(id)</param>
<param desc="propertyStore" ref="contentSearch/indexConfigurations/databasePropertyStore" param1="$(id)" />
<configuration ref="contentSearch/indexConfigurations/defaultLuceneIndexConfiguration" />
<strategies hint="list:AddStrategy">
<strategy ref="contentSearch/indexConfigurations/indexUpdateStrategies/onPublishEndAsync" />
</strategies>
<commitPolicyExecutor type="Sitecore.ContentSearch.CommitPolicyExecutor, Sitecore.ContentSearch">
<policies hint="list:AddcommitPolicy">
<policy type="Sitecore.ContentSearch.TimeIntervalCommitPolicy, Sitecore.ContentSearch" />
</policies>
</commitPolicyExecutor>
<locations hint="list:AddCrawler">
<crawler type="Sitecore.ContentSearch.SitecoreItemCrawler, Sitecore.ContentSearch">
<Database>web</Database>
<Root>/sitecore/content/Site/Home</Root>
</crawler>
</locations>
</index>
</indexes>
When using the ContentSearch API, you can filter the results to return only the latest version by doing something like this:
searchContext.GetQueryable<SearchResultItem>()
.Where(result => result["_latestversion"].Equals("1");
Or, if you have created your own search result model, you can add a property to it to make the query syntax more consise.
Search Result Model:
public class CustomSearchResultItem : SearchResultItem
{
[IndexField("_latestversion")]
public bool IsLatestVersion { get; set; }
// other properties
}
Query
searchContext.GetQueryable<CustomSearchResultItem>()
.Where(result => result.IsLatestVersion);
Another approach is to use extension methods as described in this post: http://laubplusco.net/generic-extension-methods-sitecore-contentsearch/
I am attempting to implement LDAP authentication, along with the required permissions.
<internalSecurity>
<cache type="inMemoryCache" duration="60" mode="sliding" />
<audit>
<xmlFileAudit location="D:\Logs\CCNet_Audit.xml"/>
</audit>
<auditReader type="xmlFileAuditReader" location="D:\Logs\CCNet_Audit.xml"/>
<users>
<ldapUser name="*username*" domain="*localdomain*"/>
</users>
<permissions>
<rolePermission name="Admin" forceBuild="Allow" sendMessage="Allow" startProject="Allow" changeProject="Allow" viewSecurity="Allow" modifySecurity="Allow" viewProject="Allow" viewConfiguration="Allow" >
<users>
<userName name="*username*"/>
</users>
</rolePermission>
</permissions>
Inside my project I have the following XML:
<project name="TestProject" description="TestProject" queue="Q7">
<security type="defaultProjectSecurity" defaultRight="Deny">
<permissions>
<rolePermission name="Admin" ref="Admin"/>
</permissions>
</security>
My log at (D:\Logs\CCNet_Audit.xml) is saying that I am "Denied"
<event><dateTime>2015-08-17T09:30:41.7973762-04:00</dateTime><user>*username*</user><type>Login</type><outcome>Deny</outcome></event>
and the project is unavailable within CC Tray.
My username is correct and I have the domain correct within the configuration (I just don't want to share it).
One thing I have noticed is that There seems to be a case issue within the username that Cruise Control is getting c-Joe.smith versus the english "normalization" of c-Joe.Smith . . . and yes I have tried it both ways.
Any help?
Try setting defaultRight="Allow" for your admin group.
<rolePermission name="Admin" defaultRight="Allow" forceBuild="Allow" sendMessage="Allow" startProject="Allow" changeProject="Allow" viewSecurity="Allow" modifySecurity="Allow" viewProject="Allow" viewConfiguration="Allow" >
<users>
<userName name="*username*"/>
</users>
</rolePermission>
I am looking for a method to check if a cube is accessable i.e. it is processed and not broken.
Example: I got a working cube and i full process a shared dimension so that the cube gets broken.
Is there any mdx or xmla method of finding out what cubes are accessable / processed?
There is an XMLA command DISCOVER_XML_METADATA that can return the state of the database (processes/unprocessed) among other properties. I don't have the best handle on XMLA, so I don't know how to get just the part you need, but this query will return results in the form of XML, and you can parse it from there.
<Discover xmlns="urn:schemas-microsoft-com:xml-analysis">
<RequestType>DISCOVER_XML_METADATA</RequestType>
<Restrictions>
<RestrictionList>
<DatabaseID>AdventureWorks2012MD</DatabaseID>
</RestrictionList>
</Restrictions>
<Properties>
<PropertyList>
</PropertyList>
</Properties>
</Discover>
This requests gets the properties from the objects related to the SSAS database called AdventureWorks2012M. In the results you will see the following:
<Database>
<Name>AdventureWorks2012MD</Name>
<ID>AdventureWorks2012MD</ID>
<CreatedTimestamp>2013-08-01T01:41:10.926667</CreatedTimestamp>
<LastSchemaUpdate>2013-08-01T01:45:05.91</LastSchemaUpdate>
<Description />
<LastProcessed>2013-08-01T01:46:39.713333</LastProcessed>
<State>Processed</State>
<LastUpdate>2014-01-07T19:41:45.146667</LastUpdate>
<AggregationPrefix />
<Language>1033</Language>
<Collation>Latin1_General_CI_AS</Collation>
<Visible>true</Visible>
...
You care about <State>Processed</State>for that database. You can also get the state for each of the dimensions and measure groups as well by adding MeasureGroupID or DimensionID to the restrictions list.
Sitecore CMS+DMS 6.6.0 rev.130404 => 7.0 rev.130424
In our project we have been using AdvancedDatabaseCrawler (ADC) for our indexes (specially because of it's dynamic fields feature). Here's a sample index configuration:
<index id="GeoIndex" type="Sitecore.Search.Index, Sitecore.Kernel">
<param desc="name">$(id)</param>
<param desc="folder">$(id)</param>
<analyzer ref="search/analyzer" />
<locations hint="list:AddCrawler">
<web type="scSearchContrib.Crawler.Crawlers.AdvancedDatabaseCrawler, scSearchContrib.Crawler">
<database>web</database>
<root>/sitecore/content/Globals/Locations</root>
<IndexAllFields>true</IndexAllFields>
<include hint="list:IncludeTemplate">
<!--Suburb Template-->
<suburb>{FF0D64AA-DCB4-467A-A310-FF905F9393C0}</suburb>
</include>
<dynamicFields hint="raw:AddDynamicFields">
<dynamicField type="OurApp.CustomSearchFields.SearchTextField,OurApp" name="search text" storageType="NO" indexType="TOKENIZED" vectorType="NO" />
<dynamicField type="OurApp.CustomSearchFields.LongNameField,OurApp" name="display name" storageType="YES" indexType="UN_TOKENIZED" vectorType="NO" />
</dynamicFields>
</web>
</locations>
</index>
As you can see, we use scSearchContrib.Crawler.Crawlers.AdvancedDatabaseCrawler as the crawler and it uses the fields defined inside <dynamicFields hint="raw:AddDynamicFields"> section to inject custom fields into the index.
Now we are upgrading our project to sitecore 7. In Sitecore 7, they have ported the DynamicFields functionality from ADC into sitecore. I found out some articles on this and converted our custom search field classes to implement sitecore 7 IComputedIndexField interface instead of inheriting from BaseDynamicField class in ADC. Now my problem is how to change the index configuration to match with new sitecore 7 APIs. There were bits and pieces on the web but couldn't find all the examples I needed to convert my configuration. Can anybody help me on this?
While I'm doing this I'm under the impression that we won't have to rebuild our indexes since it still uses Lucene internally. I don't want to change the index structure. Just want to upgrade the code and configuration from AdvancedDatabaseCrawler to Sitecore 7. Should I be worried about breaking our existing indexes? Please shed some light on this as well.
Thanks
A few quick clarifications :)
We have not merged ADC into Sitecore 7, the ContentSearch layer is a complete rewrite of the old search layer for Sitecore. We have taken some of the core concepts from ADC, such as dynamic fields, and put them in the new implementation (as ComputedFields). They are not 1:1 compatible and you will have to do some work on your indexes.
The version of Lucene has also been upgraded from 2.* to 3.0.3 so all indexes will need to be re-created anyway as they are a very different version of Lucene.
There are two options here, the old Lucene search (Sitecore.Search namespace) (which ADC was built upon) has not been touched and will still work in the same way, although I am not sure about ADC compatibility with SItecore 7 as in theory this has now been superseded.
The next option is to update your index to take advantage of the new search features of Sitecore 7. The configuration you have will not be directly compatible but, while you will need to rework your index into the new configuration, the basic concepts should be familiar to you. The dynamic fields you have should map logically to ComputedFields (fields that are calculated when an item is indexed) and everything else is straightforward.
While it looks like a lot of extra config for ContentSearch a lot of it is default config that you will not need to touch, you will just need to override the configuration parts for the computed fields you want to add and the template you want to include.
An example of creating your own configuration override can be found here : http://www.mikkelhm.dk/post/2013/10/12/Defining-a-custom-index-in-Sitecore-7-and-utilizing-it.aspx
I would also recommend making sure you upgrade to 7.0 rev. 131127 (7.0 Update-3) as this fixes a bug in the IncludeTemplates logic in the version you currently have.
I managed to convert the index configuration for sitecore ContentSearch API. Looking at Sitecore default index configurations was a great help for this.
Note: As also mentioned by Stephen, <include hint="list:IncludeTemplate"> does not work in Sitecore 7.0 initial release. It's fixed in Sitecore 7.0 rev. 131127 (7.0 Update-3) and I'm planning to upgrade to it.
Here's a good article on sitecore 7 index update strategies by John West. It'll help you in configuration your indexes the way you want.
Converted configuration:
<sitecore>
<contentSearch>
<configuration type="Sitecore.ContentSearch.LuceneProvider.LuceneSearchConfiguration, Sitecore.ContentSearch.LuceneProvider">
<DefaultIndexConfiguration type="Sitecore.ContentSearch.LuceneProvider.LuceneIndexConfiguration, Sitecore.ContentSearch.LuceneProvider">
<IndexAllFields>true</IndexAllFields>
<include hint="list:IncludeTemplate">
<!--Suburb Template-->
<suburb>{FF0D64AA-DCB4-467A-A310-FF905F9393C0}</suburb>
</include>
<fields hint="raw:AddComputedIndexField">
<field fieldName="search text" storageType="NO" indexType="TOKENIZED" vectorType="NO">OurApp.CustomSearchFields.SearchTextField,OurApp</field>
<field fieldName="display name" storageType="YES" indexType="UN_TOKENIZED" vectorType="NO">OurApp.CustomSearchFields.LongNameField,OurApp</field>
</fields>
</DefaultIndexConfiguration>
<indexes hint="list:AddIndex">
<index id="GeoIndex" type="Sitecore.ContentSearch.LuceneProvider.LuceneIndex, Sitecore.ContentSearch.LuceneProvider">
<param desc="name">$(id)</param>
<param desc="folder">$(id)</param>
<!-- This initializes index property store. Id has to be set to the index id -->
<param desc="propertyStore" ref="contentSearch/databasePropertyStore" param1="$(id)" />
<strategies hint="list:AddStrategy">
<!-- NOTE: order of these is controls the execution order -->
<strategy ref="contentSearch/indexUpdateStrategies/onPublishEndAsync" />
</strategies>
<commitPolicy hint="raw:SetCommitPolicy">
<policy type="Sitecore.ContentSearch.TimeIntervalCommitPolicy, Sitecore.ContentSearch" />
</commitPolicy>
<commitPolicyExecutor hint="raw:SetCommitPolicyExecutor">
<policyExecutor type="Sitecore.ContentSearch.CommitPolicyExecutor, Sitecore.ContentSearch" />
</commitPolicyExecutor>
<locations hint="list:AddCrawler">
<crawler type="Sitecore.ContentSearch.LuceneProvider.Crawlers.DefaultCrawler, Sitecore.ContentSearch.LuceneProvider">
<Database>web</Database>
<Root>/sitecore/content/Globals/Countries</Root>
</crawler>
</locations>
</index>
</indexes>
</configuration>
</contentSearch>
</sitecore>