Page Operations
Browse Space
 | Useful Information Starting in version 1.6, security is a feature of the Pentaho BI Platform. Prior to this version, security was only available in the Pentaho Professional BI Platform (now called the Subscription Edition). Furthermore, this document is relevant only to the Pentaho Professional BI Platform version 1.2.1 or later or the Pentaho BI Platform version 1.6 or later. See the Pentaho Professional BI Platform version 1.2.0 security documentation if you're using Pentaho Professional BI Platform version 1.2.0. (You can find the version you are running in several ways: (1) look at the log when the Pentaho BI Platform starts or (2) look at the bottom right of any page within the Pentaho BI Platform.) |
By default, the Pentaho distribution comes with the "in-memory" security data access object (DAO) enabled. Because this is only recommended for testing or small user populations, you'll want to switch over to either a relational database back-end or an LDAP back-end. This page shows you how to switch to the "JDBC" DAO. The instructions below describe a sample security database using HSQLDB
.
- Edit web.xml
Change the Spring XML files to use the JDBC DAOs instead of the in-memory ones. Open pentaho.war/WEB-INF/web.xml and look for the following section:web.xml (before)<context-param> <param-name>contextConfigLocation</param-name> <param-value> /WEB-INF/applicationContext-acegi-security.xml /WEB-INF/applicationContext-common-authorization.xml /WEB-INF/applicationContext-acegi-security-memory.xml /WEB-INF/applicationContext-pentaho-security-memory.xml </param-value> </context-param>
Change that section to look like:
web.xml (after)<context-param> <param-name>contextConfigLocation</param-name> <param-value> /WEB-INF/applicationContext-acegi-security.xml /WEB-INF/applicationContext-common-authorization.xml /WEB-INF/applicationContext-acegi-security-jdbc.xml /WEB-INF/applicationContext-pentaho-security-jdbc.xml </param-value> </context-param>
- Create the security tables
Copy the below SQL into a file called userdb.script.
The sample Spring XML files (i.e. pentaho.war/WEB-INF/applicationContext-acegi-security-jdbc.xml and pentaho.war/WEB-INF/applicationContext-pentaho-security-jdbc.xml) assume the tables below. If you already have security tables setup, or you wish to alter the sample, you'll need to adjust your SQL queries in the aforementioned Spring XML files.Sample SQL for HSQLDB to create security tablesCREATE SCHEMA PUBLIC AUTHORIZATION DBA
CREATE MEMORY TABLE USERS(USERNAME VARCHAR(50) NOT NULL PRIMARY KEY,PASSWORD VARCHAR(50) NOT NULL,ENABLED BOOLEAN NOT NULL,
DESCRIPTION VARCHAR(100))
CREATE MEMORY TABLE AUTHORITIES(AUTHORITY VARCHAR(50) NOT NULL PRIMARY KEY,DESCRIPTION VARCHAR(100))
CREATE MEMORY TABLE GRANTED_AUTHORITIES(USERNAME VARCHAR(50) NOT NULL,AUTHORITY VARCHAR(50) NOT NULL,CONSTRAINT FK_GRANTED_AUTHORITIES_USERS FOREIGN KEY(USERNAME) REFERENCES USERS(USERNAME),CONSTRAINT FK_GRANTED_AUTHORITIES_AUTHORITIES FOREIGN KEY(AUTHORITY) REFERENCES AUTHORITIES(AUTHORITY))
CREATE USER SA PASSWORD ""
GRANT DBA TO SA
SET WRITE_DELAY 10
SET SCHEMA PUBLIC
INSERT INTO USERS VALUES('admin','secret',TRUE)
INSERT INTO USERS VALUES('joe','password',TRUE)
INSERT INTO USERS VALUES('pat','password',TRUE)
INSERT INTO USERS VALUES('suzy','password',TRUE)
INSERT INTO USERS VALUES('tiffany','password',TRUE)
INSERT INTO AUTHORITIES VALUES('Admin','Super User')
INSERT INTO AUTHORITIES VALUES('Anonymous','User has not logged in')
INSERT INTO AUTHORITIES VALUES('Authenticated','User has logged in')
INSERT INTO AUTHORITIES VALUES('ceo','Chief Executive Officer')
INSERT INTO AUTHORITIES VALUES('cto','Chief Technology Officer')
INSERT INTO AUTHORITIES VALUES('dev','Developer')
INSERT INTO AUTHORITIES VALUES('devmgr','Development Manager')
INSERT INTO AUTHORITIES VALUES('is','Information Services')
INSERT INTO GRANTED_AUTHORITIES VALUES('joe','Admin')
INSERT INTO GRANTED_AUTHORITIES VALUES('joe','ceo')
INSERT INTO GRANTED_AUTHORITIES VALUES('joe','Authenticated')
INSERT INTO GRANTED_AUTHORITIES VALUES('suzy','cto')
INSERT INTO GRANTED_AUTHORITIES VALUES('suzy','is')
INSERT INTO GRANTED_AUTHORITIES VALUES('suzy','Authenticated')
INSERT INTO GRANTED_AUTHORITIES VALUES('pat','dev')
INSERT INTO GRANTED_AUTHORITIES VALUES('pat','Authenticated')
INSERT INTO GRANTED_AUTHORITIES VALUES('tiffany','dev')
INSERT INTO GRANTED_AUTHORITIES VALUES('tiffany','devmgr')
INSERT INTO GRANTED_AUTHORITIES VALUES('tiffany','Authenticated')
INSERT INTO GRANTED_AUTHORITIES VALUES('admin','Admin')
INSERT INTO GRANTED_AUTHORITIES VALUES('admin','Authenticated') - Start the database
The security database will need to be running before the first user logs in.Command to start HSQLDBjava -cp lib\hsqldb.jar org.hsqldb.Server -database.0 userdb -dbname.0 userdb -port 9002
exit - Start the application server
Now that the database is running and the security tables have been created, start the application server. - Stop the database
When you shutdown your application server, you'll want to shutdown the security database as well. The command to do that is below.Command to stop HSQLDBjava -cp lib\hsqldb.jar org.hsqldb.util.ShutdownServer -url "jdbc:hsqldb:hsql://localhost:9002/userdb" -user "sa" -password ""
exit
Patrick, there is no need to "run" the scripts you see, they are processed by the HSQLDB engine on startup, and modified as you interact with the database. Once the engine is up and running, the sample data is available for querying from any common query tool. I am not sure about a command line mode of interaction, but I know most of the Pentaho engineers do low level interaction with HSQLDB through a tool called DBVisualizer, which is nothing more than a typical JDBC driven query and DB admin tool. I believe there is either a free or trial version of it, just Google DBVisualizer. I'm certain there are comparable open source tools that can do the job as well.
Also, please post these inquiries to our forums in the future, as the wiki is our mainline documentation, and we would prefer to reserve comments here for corrections to the doc rather than support for the feature. You can find our forums at http://forums.pentaho.org .
I am using Oracle10g. First the users table must be changed because boolean is not a valid type. I chose CHAR(1) and used Y/N for values.
Next the usersByUsernameQuery query defined in applicationContext-acegi-security-jdbc.xml must be changed. For my table I changed it to -
SELECT username, password, CASE upper(enabled) when 'Y' then 1 else 0 end as enabled FROM users WHERE username = ?
When using a database other than hsqldb you have to modify pentaho-war\WEB-INF\applicationContext-acegi-security-jdbc.xml, the lines :
bean id="dataSource"
class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName" value="org.hsqldb.jdbcDriver" />
<property name="url"
value="jdbc:hsqldb:hsql://localhost:9002/userdb" />
<property name="username" value="sa" />
<property name="password" value="" />
for your database.
Posted by Anonymous at Mar 09, 2008 06:33
When you run the script SampleDataDump_MySql.sql, it can give you this error:
ERROR 1292 (22007) at line 419 in file: 'SampleDataDump_MySql.sql': Incorrect datetime value: '2003-10-12 00:00:00' for column 'REQUIREDDATE' at row 491.
To avoid such error and run the script, I simply changed the type of column REQUIREDDATE to date and it then worked.
Regards, Sidarta O. S. Silva.
Posted by Anonymous at Jul 05, 2008 19:23
How do you run the create table scripts? I've started the HSQLDB but I see no way to interact with it!