Using Security from Action Sequences

In addition to providing access to security information within the web application code, the security system of the platform provides access to security information within action sequences. The information then can be used in JavaScript rules, presented in reporting prompts, provided as input to SQL Lookup Rules, etc.

If you look at the inputs section of an action sequence, you will see inputs typically defined like this:

<inputs>
  <someInput type="string">
    <sources>
      <request>someInput</request>
    </sources>
  </someInput>
</inputs>

In the above example, the input (called someInput) can be found by looking at the request (HttpServletRequest, PortletRequest, etc.) for a variable called someInput. Then, throughout the rest of the action sequence, specific actions can reference that input.

Security Inputs

Pentaho BI Platform extends the inputs to provide a unique type of input--the security input. The following input names are supported:

Input Name	Type	Description
`principalName`	`string`	The name of the currently authenticated user.
`principalRoles`	`string-list`	The roles that the currently authenticated user is a member of.
`principalAuthenticated`	`string`	`true` if the user is authenticated, `false` otherwise.
`principalAdministrator`	`string`	`true` if the user is considered a Pentaho Administrator, `false` otherwise.
`systemRoleNames`	`string-list`	All the known roles in the system. Use caution since this list could be quite long.
`systemUserNames`	`string-list`	All the users known to the system. Use caution since this list could be quite long.

Example

The following input section will get the list of the user's roles, and make it available to all the actions in the action sequence:

<inputs>
  <principalRoles type="string-list">
    <sources>
      <security>principalRoles</security>
    </sources>
  </principalRoles>
</inputs>