Add global row-level security constraints

Pentaho Metadata Editor

Version
10.1.x
Audience
anonymous
Part Number
MK-95PDIA007-11
You must have a connection to a data source in Metadata Editor and have one or more tables selected.
A global constraint is an MQL formula statement that institutes a global restriction on the data you specify, down to the row level. Follow the instructions below to add custom global user- or role-based restrictions to your data source.
  1. In the left pane, right-click the table or column you want to modify, then click Edit from the context menu.
    The Physical Table Properties dialog box appears.
  2. Click the Plus Sign icon above the Available field in the middle of the screen.
    The Add New Property dialog box appears.
  3. Select Data Constraints, then click OK.
  4. Click the new Data Constraints item in the General category.
  5. Select the Global Constraint option in the right pane.
  6. Type in your constraint in the text box.
  7. Change any other relevant metadata options, then click OK to return to the Metadata Editor main window.
  8. When you are finished, save the metadata configuration as a domain using the Save As button, then publish it to the Pentaho Server as an XMI schema by selecting Publish from the File menu.

    When using the Global Constraint, a single MQL formula is used to define security for all users. In addition to the standard MQL functions available, there are also two additional functions:

    • USER(): Returns the name of the current user.
    • ROLES(): Returns a list of roles associated with the current user.

    The following example defines an MQL formula that allows administrators full access:

    IN("Admin"; ROLES())
    Note: All other users have no access.