...
One might ask: How many ways can a voter arrive at a decision? Assume that user sally has the following granted authorities: ROLE_DEV and ROLE_MGR. Also assume that the ACL for a particular object contains the following entries: (sally, read), (ROLE_DEV, readwrite). Both ACL entries are applicable to sally since the first specifies sally (and she is sally) and the second specifies ROLE_DEV (and she has been granted the ROLE_DEV authority). Should the voter grant or deny a request to write to the object associated with this ACL? This is where extensibility of the voting system comes in. The Pentaho BI Platform provides multiple implementations of IAclVoter that each make different decisions in this situation! As the user of the platform, you decide how access decisions are made through your choice of IAclVoter. For more information about IAclVoter implementations, see 12. IAclVoter Node.
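The sketch below is an added example, not Pentaho code: it runs sally's write request through three hypothetical resolution strategies to show how the same ACL can yield different decisions. The class name, strategy names and bitmask values are assumptions and do not reproduce the IAclVoter interface or any shipped implementation; it needs Java 16 or later for records.

```java
import java.util.*;

// Added illustration: AclVoteDemo, Entry and the three strategies are hypothetical
// names, not Pentaho classes, and the permission bit values are assumed.
public class AclVoteDemo {
    static final int READ = 1, WRITE = 2, READWRITE = READ | WRITE;
    record Entry(String recipient, int mask) {}

    // Entries whose recipient is the user name or one of the user's granted authorities.
    static List<Entry> applicable(List<Entry> acl, String user, Set<String> authorities) {
        List<Entry> out = new ArrayList<>();
        for (Entry e : acl)
            if (e.recipient().equals(user) || authorities.contains(e.recipient())) out.add(e);
        return out;
    }

    // Strategy 1: union of all applicable entries (any grant wins); empty list denies.
    static int union(List<Entry> entries) {
        int mask = 0;
        for (Entry e : entries) mask |= e.mask();
        return mask;
    }

    // Strategy 2: entries naming the user directly override role entries.
    static int userOverrides(List<Entry> entries, String user) {
        int mask = 0; boolean named = false;
        for (Entry e : entries)
            if (e.recipient().equals(user)) { mask |= e.mask(); named = true; }
        return named ? mask : union(entries);
    }

    // Strategy 3: intersection of applicable entries (most restrictive wins).
    static int intersection(List<Entry> entries) {
        int mask = entries.isEmpty() ? 0 : READWRITE;
        for (Entry e : entries) mask &= e.mask();
        return mask;
    }

    public static void main(String[] args) {
        // Constructed sample data mirroring the scenario in the paragraph above.
        List<Entry> acl = List.of(new Entry("sally", READ), new Entry("ROLE_DEV", READWRITE));
        List<Entry> hits = applicable(acl, "sally", Set.of("ROLE_DEV", "ROLE_MGR"));
        System.out.println("union grants write:         " + ((union(hits) & WRITE) != 0));
        System.out.println("userOverrides grants write: " + ((userOverrides(hits, "sally") & WRITE) != 0));
        System.out.println("intersection grants write:  " + ((intersection(hits) & WRITE) != 0));
    }
}
```

Only the union strategy lets sally write; the other two stop at the read-only entry that names her, which is why the choice of voter is a security decision and not a tuning detail.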
...
- Click Add under the access control list entry table. You see a new list appear on the right that lists all roles and users available to the system.
- Select the roles and/or users that you want to grant permissions to, and then select the permissions that you would like them to receive.
- Click Add at the bottom of the New Permission panel to add your newly defined access control list entries.
Handy Hint: If your organization has many users and/or you want to create ACL entries using roles only, you can increase performance by adjusting the settings contained in the access-ui node in the pentaho.xml file.
ACL Publishing
The db-based solution repository is refreshed from the file system. In other words, solution repository objects are created as files on the file system and those objects are refreshed (published) in the db-based solution repository. In the file system, solution repository objects have no associated ACLs, at least as far as the platform is concerned. But once solution repository objects are published to the db-based repository, they do have associated ACLs. So how did the objects get their ACLs? The answer is an IAclPublisher. There is only one IAclPublisher instance per JVM and the type of that instance is specified in pentaho.xml. For more information about IAclPublisher implementations, see 13. IAclPublisher Node.
Note that an IAclPublisher is only responsible for the initial publishing of ACLs. After the file system is initially published, the Admin > Permissions interface should be used to tweak permissions.