Versions Compared

Old Version 7

changes.mady.by.user Former user

Saved on

compared with

New Version 8

changes.mady.by.user Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

By default, the platform defines an administrative role called Admin. Use the steps below to change this value. For the examples below, assume that the new administrative role is called "NewAdmin."

pentaho.xml

In pentaho.xml, update the admin-role element within the acl-voter element.

Code Block
xmlxml
Wiki Markup
{quote*Be Careful:* In Pentaho security, role name case is important! A role named ADMIN is not the same as a role named Admin. For example, using the role named ADMIN when editing access control lists will not match a user who has been granted a role named Admin.{quote}

By default, the platform defines an administrative role called {{Admin}}. Use the steps below to change this value. For the examples below, assume that the new administrative role is called "{{NewAdmin}}."

h2. pentaho.xml

In {{pentaho.xml}}, update the {{admin-role}} element within the acl-voter element.

{code:xml}
<pentaho-system>
  <acl-voter>
    <admin-role>NewAdmin</admin-role>
    ...
{code}

Additionally, replace any references to the old administrative role within the {{default-acls}} element within the acl-publisher element.

...

Code Block
xmlxml
 

{code:xml}
<pentaho-system>
  <acl-publisher>
    <default-acls>
      <acl-entry role="NewAdmin" acl="ADMIN_ALL" />
      ...
{code}

{quote}*Warning:* If you modify the {{acl-publisher}} element, you'll probably need to re-apply the default ACLs. Please see [Re-Applying Default ACL|Re-Applying Default ACL]. Be careful though as re-applying default ACLs will reset any ACLs created through the Admin Permissions interface.

...


{quote}

h2. applicationContext-acegi-security.xml

...



Using the [Acegi Security documentation|http://www.acegisecurity.org/docbook/acegi.html] (section 21.3) as your guide, modify the {{objectDefinitionSource}} property of the  {{filterInvocationInterceptor}} bean to match the new admin group.

...



{quote}*Warning:* While the example below only shows a single url to role mapping, multiple lines in {{objectDefinitionSource}} refer to the administrative role and therefore must be changed too.

...

Code Block
xmlxml

{quote}

{code:xml}
<property name="objectDefinitionSource">
  <value>
    <![CDATA[
    CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
    ...
    \A/admin.*\Z=NewAdmin
    ...
  ]]>
  </value>
</property>
{code}