Hitachi Vantara Pentaho Community Wiki
Child pages
  • 06. Adding Row Level Security to a Pentaho Metadata Model
Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

Adding Row Level Secrity to a Pentaho Metadata Model

Row Level Security allows you to control the results that are returned in a query based on a user's security level.  You can specify which rows of data each User Role or User ID is allowed to retrieve from the database, based on some column of data, or combination of columns of data.

Within the Metadata Editor, select the model to add Row Level Security to, right click on the Model, and select "Edit...".

From the Model Properties dialog, select the General -> Data Constraints Property:
 
 By default, Row Level Security is not enabled.  There are two forms of Row Level Security in Pentaho Metadata, Global Constraint and Role Based Constraints.

Global Constraint

If using the Global Constraint, a single MQL Formula is used to define security for all users.  In addition to the standard MQL Functions available, there are also two additional functions available.

  • USER() - returns the name of the current user
  • ROLES() - returns a list of roles the current user has.

Example of Global Constraints

This example defines an MQL Formula that allows Admins full access, and everyone else no access

IN("Admin"; ROLES())

Role Based Constraints



  • No labels