Using Security from Action Sequences

In addition to providing access to security information within the web application code, the platform's security system provides access to security information within action sequences. That information can then be used in JavaScript rules, presented in reporting prompts, provided as input to SQL Lookup Rules, and so on.

If you look at the inputs section of an action sequence, you will see inputs typically defined like this:

<inputs>
  <someInput type="string">
    <sources>
      <request>someInput</request>
    </sources>
  </someInput>
</inputs>

In the above example, the input (called someInput) is found by looking in the request (HttpServletRequest, PortletRequest, etc.) for a variable called someInput. Specific actions throughout the rest of the action sequence can then reference that input.

Security Inputs

The Pentaho BI Platform extends the inputs to provide a unique type of input: the security input. The following input names are supported:

| Input Name | Type | Description |
|---|---|---|
| principalName | string | The name of the currently authenticated user. |
| principalRoles | string-list | The roles that the currently authenticated user is a member of. |
| principalAuthenticated | string | true if the user is authenticated, false otherwise. |
| principalAdministrator | string | true if the user is considered a Pentaho Administrator, false otherwise. |
| systemRoleNames | string-list | All the known roles in the system. Use caution since this list could be quite long. |
| systemUserNames | string-list | All the users known to the system. Use caution since this list could be quite long. |

Example

The following inputs section gets the list of the user's roles and makes it available to all the actions in the action sequence:

<inputs>
  <principalRoles type="string-list">
    <sources>
      <security>principalRoles</security>
    </sources>
  </principalRoles>
</inputs>
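The difference between a `<request>` source and a `<security>` source matters when an input carries identity: a value read from the request is supplied by the client, while a security input comes from the platform's security system. The following check is an added example, not part of the original page or of the Pentaho code base; it audits an inputs section against the table above, and the `audit_inputs` function and the sample XML (including the `isAdmin` input) are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Security input names and types listed in the table on this page.
SECURITY_INPUTS = {
    "principalName": "string",
    "principalRoles": "string-list",
    "principalAuthenticated": "string",
    "principalAdministrator": "string",
    "systemRoleNames": "string-list",
    "systemUserNames": "string-list",
}

def audit_inputs(xml_text):
    """Return a list of (input_name, finding) tuples for an <inputs> section."""
    findings = []
    root = ET.fromstring(xml_text)
    inputs = root if root.tag == "inputs" else root.find(".//inputs")
    for inp in (inputs if inputs is not None else []):
        sources = inp.find("sources")
        for src in (sources if sources is not None else []):
            value = (src.text or "").strip()
            if src.tag == "security":
                if value not in SECURITY_INPUTS:
                    findings.append((inp.tag, f"unknown security input '{value}'"))
                elif inp.get("type") != SECURITY_INPUTS[value]:
                    findings.append((inp.tag, f"type should be '{SECURITY_INPUTS[value]}'"))
            elif inp.tag in SECURITY_INPUTS:
                # Any source other than <security> means the value is not
                # taken from the platform's security system.
                findings.append((inp.tag, f"identity input read from <{src.tag}>"))
    return findings

# Constructed sample: one correct input, one request-sourced, one misspelled.
SAMPLE = """
<inputs>
  <principalRoles type="string-list">
    <sources><security>principalRoles</security></sources>
  </principalRoles>
  <principalName type="string">
    <sources><request>principalName</request></sources>
  </principalName>
  <isAdmin type="string">
    <sources><security>principalAdmin</security></sources>
  </isAdmin>
</inputs>
"""

if __name__ == "__main__":
    for name, finding in audit_inputs(SAMPLE):
        print(f"{name}: {finding}")
```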