By viewing the sample user and default role
examples, you can get ideas about ways to define actual users and specific
roles.
-
Log in to PUC. Click Home > Administration.
The Administration perspective opens the Users & Roles page with the Manage Users tab selected.
- Highlight a user in the users list to display which roles are available for that user, as well as which roles are currently defined for that user.
-
Select the Manage
Roles tab to display the Operation
Permissions for the user's role, as defined by the checked
boxes.
These roles, added for your convenience, can be removed or altered based on your needs (see Table 1: Default Pentaho Security Settings). Each default role and sample user comes with a standard set of permissions, which provides for a specific set of capabilities when using Pentaho tools and the Pentaho Server (see Table 2: Operation Permissions).In this example, a ReadOnly role and a user called reader have been created.
-
Select the System
Roles tab to display the user's system role.
System Roles are built-in roles used to control default behaviors and permissions in PUC, handled implicitly or through system configuration, with automatic assignments. The default system role for all users is 'Authenticated'. If you want to restrict permissions, the 'Authenticated' role must be restricted or removed from the user.
Table. Default Pentaho Security Settings Default Role Sample User Default Operation Permissions Administrator admin - Administer Security
- Schedule Content
- Read Content
- Publish Content
- Create Content
- Execute
- Manage Data Sources
Business Analyst pat - Publish Content
Power User suzy - Schedule Content
- Read Content
- Publish Content
- Create Content
- Execute
Report Author tiffany - Schedule Content
- Publish Content
Table. Operation Permissions Operation Permission Definition Administer Security The default Administrator role automatically conveys all operation permissions to users assigned to that role, even if the check box next to it is cleared. These permissions include the Read and Create Content permissions, which are required for accessing the Administration perspective. - Gives access to the Administration perspective of PUC.
- Allows access to and the ability to manage all content in the Browse perspective.
- Allows the ability to view and work with all user schedules in the Schedules perspective.
- Gives the ability to create server block out times in the Schedules perspective.
Schedule Content - Allows the user to schedule reports and content.
- Gives the user the ability to view, edit, or delete their own schedules using the Schedules perspective.
Read Content - Gives the user the ability to view content in the Browse perspective.
- Gives the user the ability to view content through the File > Open dialog box.
Publish Content This permission includes tools such as Report Designer, Schema Workbench, and Metadata Editor. - Allows client tools to store reports or data models in the Pentaho Repository.
- When held in conjunction with Write permission on the target folder, allows a user to upload supported content types. See the Administer Pentaho Data Integration and Analytics document for details.
Create Content - Allows the user to create, import, delete, and save reports to the repository.
- Gives the user the ability to see a list of data sources which are used to create reports or dashboards.
Execute Allows the user to read and execute transformations and jobs.
Manage Data Sources - Allows the user to create, edit, or delete new data sources.
- Gives the user the ability to see a list of data sources that are used to create reports or dashboards.
- In Analyzer, allows the user to make inline model editing changes including modifying existing (base) measures.
- In Analyzer, allows the user to add and edit calculated measures to the data model.
- In Analyzer, allows the user to hide and show fields.
Operation permission does not include Metadata Editor data sources. See Pentaho Metadata Editor for details.