Changing the Admin Role

Owned by Former user (Deleted)
Last updated: Sept 24, 2009Version comment
1 min read

Be Careful: In Pentaho security, role name case is important! A role named ADMIN is not the same as a role named Admin. For example, using the role named ADMIN when editing access control lists will not match a user who has been granted a role named Admin.

By default, the platform defines an administrative role called Admin. Use the steps below to change this value. For the examples below, assume that the new administrative role is called "NewAdmin."

pentaho.xml

In pentaho.xml, update the admin-role element within the acl-voter element.

<pentaho-system>
  <acl-voter>
    <admin-role>NewAdmin</admin-role>
    ...

Additionally, replace any references to the old administrative role within the default-acls and overrides elements within the acl-publisher element. 

<pentaho-system>
  <acl-publisher>
    <default-acls>
      <acl-entry role="NewAdmin" acl="ADMIN_ALL" />
      ...

Warning: If you modify the acl-publisher element, you'll probably need to re-apply the default ACLs. Please see Re-Applying Default ACL. Be careful though as re-applying default ACLs will reset any ACLs created through the Admin Permissions or PUC's Share tab.

applicationContext-spring-security.xml

Modify the objectDefinitionSource property of the filterInvocationInterceptor bean to match the new admin group.

Warning: While the example below only shows a single url to role mapping, multiple lines in objectDefinitionSource refer to the administrative role and therefore must be changed too.

<property name="objectDefinitionSource">
  <value>
    <![CDATA[
    CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
    ...
    \A/admin.*\Z=NewAdmin
    ...
  ]]>
  </value>
</property>