...
- Plan.
  You must plan out your security before telling Pentaho how to use it. For example, you must also have the appropriate security back-ends (e.g. LDAP) in place.
  - Determine your roles.
    What roles (out of potentially many) will have meaning in the Pentaho BI Platform?
  - Determine which roles should have access to particular URLs.
    This is web resource authorization. Example question: What role will be considered the Pentaho administrator?
  - Determine which roles should have which permissions to particular action sequences in the solution repository.
    This is domain object authorization. Example question: Will roleA be allowed to execute action sequences in folderX?
- If you'd like to use a role prefix, define one. (By default, there is no role prefix.)
- Enable action sequence security.
- Define the Pentaho administrator role.
- Take the domain object authorization rules (from the earlier planning step) and define them in the IAclPublisher section of pentaho.xml.
- Apply the ACLs.
- Take the web resource authorization rules (from the earlier planning step) and define them in the filterInvocationInterceptor bean in applicationContext-acegi-security.xml.
- Optionally, customize the login page.
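
An added example (not Pentaho's own code): one way to check the web resource authorization rules in the filterInvocationInterceptor bean against the planning step. It assumes Acegi's regex-style objectDefinitionSource, where the first matching pattern decides. The role names, URLs, rules and function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample. The bean id is from the page; the class is Acegi's
# FilterSecurityInterceptor; role names, URLs and rules are made up.
TEMPLATE = """<beans>
  <bean id="filterInvocationInterceptor"
        class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
    <property name="objectDefinitionSource"><value>
      CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
      {rules}
    </value></property>
  </bean>
</beans>"""
LOGIN, ADMIN, REST = r"\A/login.*\Z=Anonymous", r"\A/admin.*\Z=Admin", r"\A/.*\Z=Authenticated"
WEAK_XML = TEMPLATE.format(rules="\n".join([LOGIN, REST, ADMIN]))   # catch-all too early
FIXED_XML = TEMPLATE.format(rules="\n".join([LOGIN, ADMIN, REST]))  # specific rules first

# Planning-step output: URL -> roles that should be required (hypothetical).
PLAN = [("/Login", {"Anonymous"}), ("/Home", {"Authenticated"}), ("/Admin/users", {"Admin"})]

def load_rules(xml_text):
    """Return (lowercase_flag, [(regex, {roles})]) in file order."""
    bean = ET.fromstring(xml_text).find(".//bean[@id='filterInvocationInterceptor']")
    text = bean.find("property[@name='objectDefinitionSource']/value").text
    lowercase, rules = False, []
    for line in filter(None, (l.strip() for l in text.splitlines())):
        if line == "CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON":
            lowercase = True
        elif line == "PATTERN_TYPE_APACHE_ANT":
            raise ValueError("this sketch handles regex patterns only")
        else:
            pattern, _, roles = line.rpartition("=")
            rules.append((pattern, {r.strip() for r in roles.split(",")}))
    return lowercase, rules

def required_roles(url, lowercase, rules):
    """First matching rule decides; None means no rule covers the URL."""
    url = url.lower() if lowercase else url
    for pattern, roles in rules:
        if re.fullmatch(pattern, url):
            return roles
    return None

def audit(xml_text, plan=PLAN):
    """List (url, planned, configured) wherever the config departs from the plan."""
    lowercase, rules = load_rules(xml_text)
    results = ((url, want, required_roles(url, lowercase, rules)) for url, want in plan)
    return [r for r in results if r[2] != r[1]]
```

audit(WEAK_XML) reports /Admin/users as requiring only Authenticated because the catch-all rule precedes the admin rule; audit(FIXED_XML) returns an empty list.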