| Include Page |
|---|
| ServerDoc2x:Role Name Case Caution (Include) |
|---|
| ServerDoc2x:Role Name Case Caution (Include) |
|---|
|
Configuring security involves quite a few steps. Use the list below to make sure you've covered everything.
- Plan.
You must plan out your security before telling Pentaho how to use it. For example, you must also have the appropriate security back-ends (e.g. LDAP) in place. - Determine your roles.
What roles (out of potentially many) will have meaning in the Pentaho BI Platform? - Determine which roles should have access to particular URLs.
This is web resource authorization. Example question: What role will be considered the Pentaho administrator? - Determine which roles should have which permissions to particular action sequences in the solution repository.
This is domain object authorization. Example question: Will role A be allowed to execute action sequences in folder X?
- If you'd like to use a role prefix, define one. (By default, there is no role prefix.)
- Enable action sequence security.
- Define the Pentaho administrator role.
- Take the domain object authorization rules (from the earlier planning step) and define them in the IAclPublisher section of pentaho.xml.
- Apply the ACLs.
- Take the web resource authorization rules (from the earlier planning step) and define them in the
filterInvocationInterceptor bean in applicationContext-acegi-security.xml.