Pentaho metadata provides a Security Information property that allows you to define table or column level security that the Pentaho BI Server can make use of. Before you can use this property, you need to tell the Pentaho Metadata Editor about your Pentaho BI Server, so that the program can retrieve the list of Users, Roles and Access Control Lists needed.
The security information used in the business model needs to be retrieved from a Pentaho BI Server, so make sure you have the following information available before you attempt to configure security:
You can click the Test button to be sure the settings are correct, and your server is accessible. You should see a message similar to the following:
You will at times want to work on your model, and may not have access to your Pentaho BI Server. You can save your security information in a file, and the Pentaho Metadata Editor will be just as happy to retrieve your settings from that file instead of making a trip to the server every time you open this domain.
To add security constraints to a specific business table or column, first bring up the properties dialog, and then click the add property button:
Select the Security Information property and click OK
With the security property available, now add the individual role or user permissions to the business model, table, or column. These permissions will then be enforced within Pentaho's BI Platform after publishing the new metadata model.
(This section is obsolete, as of 3.7 or earlier. SecurityAwareCwmSchemaFactory was deprecated according to Javadoc. Does anybody know the new config required?)
By default, the Pentaho BI Server's Metadata configuration is not security aware. To enable security aware metadata on the Pentaho BI Server, modify the pentaho-solutions/system/pentaho.xml:
replace this line:
||Completed||Priority||Locked||CreatedDate||CompletedDate||Assignee||Name|| |F|H|F|1311589238069| |email@example.com|SecurityAwareCwmSchemaFactory|