Wednesday, July 6, 2011

Essbase Java API - Group Names When Using Shared Services

One of our Dodeca customers had a question about support for Essbase group names when using Shared Services security.  We did a bit of testing and found some interesting results to share.

One of the configuration settings in Dodeca allows Dodeca administrators to limit the sets of views/reports a user can see based on their assigned roles.   The roles can be sourced from a number of places including the Essbase group names.  That being said, with the advent of Shared Services, there is some confusion with the availability, to the Essbase Java API, of certain pieces of security information.  Dodeca uses the following Essbase Java API code to get the group names:

// get the olap user object
IEssOlapUser user = olapServer.getOlapUser(username);

// get the groups for the user
IEssIterator groups = user.getGroups();

// loop the groups
for (int i = 0; i < groups.getCount(); i++) {
  // get the group
  IEssOlapGroup group = (IEssOlapGroup)groups.getAt(i);

  // serialization code removed...

In testing this code in 11.1.2, we found that the group names are returned, but also have an '@' sign and the directory appended as well.  Of course, Dodeca communicates via web services, so the XML stream we saw coming out of Dodeca looked like this:

So, the information is available to the Essbase Java API with the caveat that the group name is postpended with the directory (which makes sense).

No comments: