Be Careful: In Pentaho security, role name case is important! A role named ADMIN is not the same as a role named Admin. For example, using the role named ADMIN when editing access control lists will not match a user who has been granted a role named Admin.
By default, the platform defines an administrative role called Admin
. Use the steps below to change this value. For the examples below, assume that the new administrative role is called "NewAdmin
."
pentaho.xml
In pentaho.xml
, update the admin-role
element within the acl-voter element.
Code Block | ||||
---|---|---|---|---|
| ||||
<pentaho-system> <acl-voter> <admin-role>NewAdmin</admin-role> ... |
Additionally, replace any references to the old administrative role within the default-acls
element and overrides
elements within the acl-publisher element.
Code Block | ||||
---|---|---|---|---|
| ||||
<pentaho-system> <acl-publisher> <default-acls> <acl-entry role="NewAdmin" acl="ADMIN_ALL" /> ... | ||||
Warning | title |
Warning
...
: If you modify the
acl-publisher
element, you'll probably need to re-apply the default ACLs. Please see Re-Applying Default ACL. Be careful though as re-applying default ACLs will reset any ACLs created through the Admin Permissions interface.
applicationContext-acegi-security.xml
Using the Acegi Security documentation (section 21.3) as your guide, modify the objectDefinitionSource
property of the filterInvocationInterceptor
bean to match the new admin group.
...
Warning
...
: While the example below only shows a single url to role mapping, multiple lines in
objectDefinitionSource
refer to the administrative role and therefore must be changed too.
Code Block | ||||
---|---|---|---|---|
| ||||
<property name="objectDefinitionSource"> <value> <![CDATA[ CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON PATTERN_TYPE_APACHE_ANT ... \A/admin.*\Z=NewAdmin ... ]]> </value> </property> |