Use Pentaho Security
If you choose to use Pentaho Security as your security provider, you define users and roles through the User Console. The Default Users and Roles section provides an overview of the out-of-box users and roles, along with the permissions that are included with each role. Permissions can be further refined on the file- or folder-level from the Browse perspective of the User Console.
Before changing security settings, play it safe and back up these relevant files.- If you installed using the Installation Wizard or the Archive Installation, back up the Pentaho Business Analytics or BA Server directories.
- If you installed manually, back up the Pentaho .war and solutions.
When you are done, please go on to the next stop on the Guide Post graphic.
Default Users and Roles
Viewing default users and roles gives you an idea of how you can define your specific users and roles. To view the default users and roles, log into the User Console, click the Administration perspective link on the right, then Users and Roles from the items on the left, and the Manage Users tab. Highlighting a user in the Users list shows which roles are available for that user, as well as which role is currently defined for that user.
The Manage Roles tab shows similar information as the Manage Users tab, with the roles listed in the pane on the left, and the associated Operation Permissions for each role listed on the right.
Each default role and user comes with a standard set of permissions. These roles are added for your convenience and can be removed or altered based on your needs.
The default role for all users is Authenticated. If you want to restrict permissions, the Authenticated role must be restricted or the Authenticated role must be removed from the user.
Out-of-Box Role | Out-of-Box User | Default Operation Permissions |
---|---|---|
Administrator | admin |
|
Business Analyst Role | pat |
|
Power User Role | suzy |
|
Report Author Role | tiffany |
|
Each operation permission gives a specific set of permissions for Pentaho tools and the BA Server.
Operation Permission | Definition |
---|---|
Administer Security | The default Administrator role automatically conveys all operation permissions to users assigned to that role, even if the check box next to it is cleared. This includes the Read and Create Content permissions, which are required for accessing the Administration perspective.
|
Read Content |
|
Publish Content | This permission includes tools such as Report Designer, Agile BI, Schema Workbench, and Metadata Editor.
|
Manage Data Sources |
Note: This operation permission does not include Metadata data sources. This Metadata Security article gives specific information on how to give permissions to manage Metadata data sources. |
Schedule Content |
|
Create Content |
|
Add Users
- Click on the Administration perspective link on the upper right toolbar of the console, then click on Users & Roles. The Users & Roles interface appears.
- Make sure the Manage Users tab is selected, then click the plus (+) sign above the list of users. The New User dialog box appears.
- Type to enter a new User Name, Password, and Confirm Password, then click OK.
Change User Passwords
- Click on the Administration perspective link on the upper right toolbar of the console, then click on Users & Roles. The Users & Roles interface appears.
- Make sure the Manage Users tab is selected. From the Users list, click to select the user whose password you want to edit. The user's information populates to the right of the Users field.
- Click Edit, then enter and confirm the new password. Click OK.
Delete Users
- Click on the Administration perspective link on the upper right toolbar of the console, then click on Users & Roles. The Users & Roles interface appears.
- Make sure the Manage Users tab is selected, then in the Users field, click to select the user or users you want to delete from the server.
- Click the x to delete the user or users. The Delete User confirmation dialog box appears.
- Click Yes, Delete to delete the user(s) and refresh the user list.
Assign Users to Roles
- Click on the Administration perspective link on the upper right toolbar of the console, then click on Users & Roles. The Users & Roles interface appears.
- Make sure the Manage Users tab is selected, then click to highlight the user from the Available user list that you want to associate with a role.
- In the Role Available list, click to highlight the role that you want to associate with the selected user.
- Click the right arrow to move the role to the Role Selected list.
- You can remove a role from the Role Selected list by highlighting that role and clicking on the left arrow. The role moves from the Role Selected to Role Available list, and the user no longer has the permissions associated with that role.
Add Roles
- Click on the Administration perspective link on the upper right toolbar of the console, then click on Users & Roles. The Users & Roles interface appears.
- Make sure the Roles tab is selected, then click the plus (+) sign above the list of roles. The New Role dialog box appears.
- Type to enter a new Name for the role, then click OK.
Assign Permissions to Roles
- After you add a new role, you need to assign operation permissions to it.
- Make sure that the role is highlighted in the Roles list.
- Assign permissions to the role by selecting from the Operation Permissions list to the right.
Delete Roles
- Click on the Administration perspective link on the upper right toolbar of the console, then click on Users & Roles. The Users & Roles interface appears.
- Make sure the Roles tab is selected, then from the Available field, click to select the role or roles you want to delete from the server.
- Click the x to delete the role(s). The Delete Role confirmation dialog box appears.
- Click Yes to delete the role(s) and refresh the role list.
If users have only one role assigned to them and that role is deleted, then the users have no role assigned to them. The default role is Authenticated and all users have that role unless you remove it.
Assign Roles to Users
- Click on the Administration perspective link on the upper right toolbar of the console, then click on Users & Roles. The Users & Roles interface appears.
- Make sure the Roles tab is selected, then click to highlight the role from the Available roles list that you want to associate with a user or users.
- In the Members Available list, click to highlight the user or users that you want to associate with the selected role.
- Click the right arrow to move the selected users to the Members Selected list. You can click the double-right arrow to move all users from the Members Available to the Members Selected list.
- You can remove users from the Members Selected list by highlighting that user and clicking on the left arrow. The user moves from the Members Selected to Members Available list, and no longer has the permissions associated with the highlighted role.