...
Note that in order to access the Permissions Editor, you must be logged in as an administrator to the platform. Also, ACLs are only available if you are using teh the RDBMS solution repository. This feature is not available for the file-based solution repository implementationsimplementation.
In the screenshot above, the tree on the left represents all of the solution repository objects in your solution repository. You can set permissions on any level in the solution repository object tree. Setting permissions on lower level objects in the tree overrides permission settings higher in the tree. Conversely, if you set a permission on a solution repository object that has children, and the children do not have specific permissions set, they inherit the permissions settings from their parent. So, for example, if I set write execute permissions for JoeUser on the analysis object, then the query1.xaction object inherits that write execute permission. However, if I then set write and execute permission on the query1.xaction for JoeUser, these permissions are honored for that object, but other children of the analysis object would still only have their parent's (analysis) execute permission.
Today, there are only two permissions available, write and execute. Note that if you set write permission for an object, they automatically will get execute permission as well.
Each solution repository object can have any number of permission-role or permission-user combinations set. The
middle panel in the screenshot above lists the access control list entries defined for the solution repository object selected in the tree. You can modify the permissions for the roles or users that are defined in the existing access control list entries:
- Check or uncheck the box for the permission you wish to remove or grant, next to the role or user that you wish this change to be applicable to.
- Click the Update... button to submit the change.
- Clicking the Reset button will reverse any changes that have NOT YET been submitted.
...
To add a new access control list entry, follow these steps:
- Click the Add button under the access control list entry table. You will see a new list appear on the right, that lists all roles and users available to the system.
- Select the roles and/or users that you wish to grant permissions to, and then select the permissions that you would like them to recieve.
- Click the Add button at the bottom of the New Permission panel to add your newly defined access control list entries.
ACL Publishing
The db-based solution repository is refreshed from the filesystem. In other words, solution repository objects are created as files on the filesystem and those objects are refreshed (published) in the db-based solution repository. In the filesystem, solution repository objects have no associated ACLs--at least as far as the platform is concerned. But once solution repository objects are published to the db-based repository, they do have associated ACLs. So how did the objects get their ACLs? The answer is an IAclPublisher. There is only one IAclPublisher instance per JVM and the type of that instance is specified in pentaho.xml. For more information about IAclPublisher implementations, see ACL Publisher Details.
...