Hitachi Vantara Pentaho Community Wiki
Child pages
  • 06. Adding Row Level Security to a Pentaho Metadata Model

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migration of unmigrated content due to installation of a new plugin

Adding Row Level

...

Security to a Pentaho Metadata Model

Row Level Security allows you to control the results that are returned in a query based on a user's security level.  You can specify which rows of data each User Role or User ID is allowed to retrieve from the database, based on some column of data, or combination of columns of data.

...

This example defines an MQL Formula for three different roles.  The Admin Role has full row visibility, the Sales and Engineering Roles may only see data that joins to rows with their particular department. (The syntax is [business_table.business_column] = value).

Role

Constraint

Admin

TRUE()

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="bba37717-ba17-441e-9f93-5ff0e5c25c7b"><ac:plain-text-body><![CDATA[

Sales

[BT_OFFICE.BC_DEPARTMENT]="Sales"

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="8018eb92-b86b-431c-b263-bb7ed47c309b"><ac:plain-text-body><![CDATA[

Engineering

[BT_OFFICE.BC_DEPARTMENT]="Engineering"

]]></ac:plain-text-body></ac:structured-macro>

Important Note

Row Level Security Constraints are applied at the MQL Layer.  The Business Columns referenced in the MQL Security Constraints will be resolved down to SQL Table Columns.  The Tables which contain column references included in security constraints will be joined to your query, based on the relationships defined in the Business Model.  It is recommended that you do not use outer joined business columns for the purposes of security constraints.