Hitachi Vantara Pentaho Community Wiki
Child pages
  • 04. Using Security from Action Sequences
Skip to end of metadata
Go to start of metadata

Useful Information

This document is relevant only to the Pentaho BI Platform version 1.2.0 or earlier. See the Pentaho BI Platform version 1.2.1 or later security documentation if you're using version 1.2.1 or later. (You can find the version you are running in several ways: (1) look at the log when the Pentaho BI Platform starts or (2) look at the bottom right of any page within the Pentaho BI Platform.)

All this stuff doesn't provide you with much if all you can do is control access to specific action sequences or solution folders. To really make good use of the integrated security, you need to be able to have access to certain pieces of information--right from within the action sequence itself. The Pentaho Professional BI Platform also provides this critical access in a simple-to-understand manner. The information then can be used in JavaScript rules, presented in reporting prompts, provided as input to SQL Lookup Rules, etc.

If you look at the inputs section of an action sequence, you will see inputs typically defined like this:

  <someInput type="string">

In the above example, the input (called someInput) can be found by looking at the request (HttpServletRequest, PortletRequest, etc.) for a variable called someInput. Then, throughout the rest of the action sequence, specific actions can reference that input.

Security Inputs

Pentaho Professional BI Platform extends the inputs to provide a unique type of input--the security input. This input (as of this writing) supports the following input names:

Input Name





The name of the currently authenticated user.



The roles that the currently authenticated user is a member of.



"true" if the user is authenticated. "false" otherwise.



"true" if the user is considered a Pentaho Administrator. "false" otherwise.



All the known roles in the system. Be careful using this one as the list could be quite long.



All the users known to the system. Be very careful using this one as the list could be quite long.


The following input section will get the list of the user's roles, and make it available to all the actions in the action sequence:

  <principalRoles type="string-list">
  • No labels