Difficulties with RDBMS repository & JDBC security in RC2

[zach]

I used the instructions below to enable JDBC security.
http://forums.pentaho.org/showthread.php?t=56376

When I enable the RDBMS repository the reports don't work. I get the following errors:

09:15:32,067 INFO [CWM] CWM - Loaded CWM model into the default repository.
09:15:32,069 INFO [STDOUT] Pentaho BI Platform server is ready. (Pentaho BI Platform 1.6.0-RC2.820) Base Url = http://localhost:8080/pentaho/, Solution Path = /Users/zacharyzeus/workspace/downloads/pentaho16rc2/pentaho-demo/pentaho-solutions
09:18:12,171 INFO [SolutionRepositoryBase] Using solution name: null
09:18:31,918 WARN [LoggerListener] Authentication event AuthenticationFailureBadCredentialsEvent: joe; details: org.acegisecurity.ui.WebAuthenticationDetails@2eb7 6: RemoteIpAddress: 127.0.0.1; SessionId: 786941661315D2364BF8D72A8A408E18; exception: Bad credentials
09:18:41,177 WARN [LoggerListener] Authentication event AuthenticationSuccessEvent: zach; details: org.acegisecurity.ui.WebAuthenticationDetails@2eb7 6: RemoteIpAddress: 127.0.0.1; SessionId: 786941661315D2364BF8D72A8A408E18
09:18:41,213 WARN [LoggerListener] Authentication event InteractiveAuthenticationSuccessEvent: zach; details: org.acegisecurity.ui.WebAuthenticationDetails@2eb7 6: RemoteIpAddress: 127.0.0.1; SessionId: 786941661315D2364BF8D72A8A408E18
09:18:41,351 ERROR [SolutionRepositoryBase] SOLUTION-REPOSITORY: Access to /pentaho-solutions/samples/rules/session-region-list.xaction for operation 1 was denied.
09:18:41,352 ERROR [SolutionEngine] a8c0e29c-6706-11dc-a53f-d160a286a9d0:SOLUTION-ENGINE:session-region-list.xaction: SolutionEngine.ERROR_0005 - Action sequence not valid
09:18:41,374 ERROR [SolutionRepositoryBase] SOLUTION-REPOSITORY: Access to /pentaho-solutions/samples/secure/global-department-list.xaction for operation 1 was denied.
09:18:41,374 ERROR [SolutionEngine] a8cb1bcd-6706-11dc-a53f-d160a286a9d0:SOLUTION-ENGINE:global-department-list.xaction: SolutionEngine.ERROR_0005 - Action sequence not valid


If I go back to memory based security, the RDBMS repository works and file based works.
If I use JDBC security, the file based repository works, but the RDBMS does not.

Zach

[mlowery]

FYI: The file-based solution repository doesn't enforce security on action sequences--even though you're forced to login--it enforces security only at the URL level.

Here are some things to check. What are the roles that user zach has been granted? (And when I ask this question, I mean what roles does Acegi Security output when its debugging output is turned on.) Once you know the user's roles, you can go assign permissions in one of two ways:

1. Batch assignment via default-acls (careful--it will reset any permissions set in the Permissions UI)
2. Admin Permissions UI

For the first, consult Re-Applying Default ACL. For the second, log in as the Pentaho administrator, click Admin, click Permissions, find your action sequence, and then assign permissions to one or more of the roles that zach has been granted.

I recommend option #1 as it will reset the default ACL--the one that references canned Pentaho roles--to an ACL that references your custom roles.

[zach]

Hi Matt,

I did option 1 and it didn't change the behavior, and option 2 is not available because I don't have access to any xactions. The behaviour is that I authenticate without a problem, but once I get in, I'm not allowed to use xactions.

The roles that the user has are: ceo, Admin, Authenticated.

However, in the PRO_ACLS_LIST table, all of the roles are prefixed by ROLE_ which we took out when we went through enabling JDBC security. I have also tried putting the original code in place (the one that had the role prefix) and that doesn't resolve the issue either. We get the same behavior as we did before

Here is the stack trace (I had to cut bits out to get it to fit, I took them out in the middle, I have attached the full stack trace as a file).

Code:

Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@2eb76: RemoteIpAddress: 127.0.0.1; SessionId: 786941661315D2364BF8D72A8A408E18; Granted Authorities: Admin, Authenticated, ceo'
15:29:30,430 DEBUG [FilterChainProxy] /Home at position 9 of 13 in additional filter chain; firing Filter: 'org.acegisecurity.providers.anonymous.AnonymousProcessingFilter@52e3b7'
15:29:30,430 DEBUG [AnonymousProcessingFilter] SecurityContextHolder not populated with anonymous token, as it already contained: 'org.acegisecurity.providers.UsernamePasswordAuthenticationToken@af25b193: Username: org.acegisecurity.userdetails.User@91b0be00: Username: zach; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: Admin, Authenticated, ceo; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@2eb76: RemoteIpAddress: 127.0.0.1; SessionId: 786941661315D2364BF8D72A8A408E18; Granted Authorities: Admin, Authenticated, ceo'
15:29:30,430 DEBUG [FilterChainProxy] /Home at position 10 of 13 in additional filter chain; firing Filter: 'com.pentaho.security.SecurityStartupFilter@e409b3'
15:29:30,431 DEBUG [SecurityStartupFilter] org.acegisecurity.providers.UsernamePasswordAuthenticationToken@af25b193: Username: org.acegisecurity.userdetails.User@91b0be00: Username: zach; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: Admin, Authenticated, ceo; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@2eb76: RemoteIpAddress: 127.0.0.1; SessionId: 786941661315D2364BF8D72A8A408E18; Granted Authorities: Admin, Authenticated, ceo
15:29:30,453 DEBUG [SolutionEngine] ::: Starting execute of samples/rules/session-region-list.xaction
15:29:30,453 DEBUG [SolutionEngine] :SOLUTION-ENGINE:session-region-list.xaction: Getting runtime context and data
15:29:30,459 DEBUG [HibernateUtil] Starting new database transaction in this thread.
15:29:30,482 DEBUG [RuntimeRepository] 786941661315D2364BF8D72A8A408E18:Session startup actions:session-region-list.xaction: newRuntimeElement(786941661315D2364BF8D72A8A408E18,session)
15:29:30,498 DEBUG [RuntimeRepository] 786941661315D2364BF8D72A8A408E18:Session startup actions:session-region-list.xaction: Created instanceId: 764fd688-673a-11dc-8392-59bd8bdee7a4
15:29:30,528 DEBUG [SolutionEngine] 764fd688-673a-11dc-8392-59bd8bdee7a4:SOLUTION-ENGINE:session-region-list.xaction: Loading action sequence definition file
15:29:30,570 DEBUG [SecurityUtils] principal from IPentahoSession: org.acegisecurity.providers.UsernamePasswordAuthenticationToken@af25b193: Username: org.acegisecurity.userdetails.User@91b0be00: Username: zach; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: Admin, Authenticated, ceo; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@2eb76: RemoteIpAddress: 127.0.0.1; SessionId: 786941661315D2364BF8D72A8A408E18; Granted Authorities: Admin, Authenticated, ceo
15:29:30,570 DEBUG [SecurityUtils] principal class: org.acegisecurity.providers.UsernamePasswordAuthenticationToken
15:29:30,570 DEBUG [SecurityUtils] principal is an instance of Authentication
15:29:30,570 DEBUG [SecurityUtils] principal from IPentahoSession: org.acegisecurity.providers.UsernamePasswordAuthenticationToken@af25b193: Username: org.acegisecurity.userdetails.User@91b0be00: Username: zach; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: Admin, Authenticated, ceo; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@2eb76: RemoteIpAddress: 127.0.0.1; SessionId: 786941661315D2364BF8D72A8A408E18; Granted Authorities: Admin, Authenticated, ceo
15:29:30,570 DEBUG [SecurityUtils] principal class: org.acegisecurity.providers.UsernamePasswordAuthenticationToken
15:29:30,571 DEBUG [SecurityUtils] principal is an instance of Authentication
15:29:30,579 DEBUG [GrantedAuthorityEffectiveAclsResolver] Returning null AclEntry array as zero effective AclEntrys found
15:29:30,579 DEBUG [SolutionRepositoryBase] Access to /pentaho-solutions/samples/rules/session-region-list.xaction for operation 1 was denied.
15:29:30,579 ERROR [SolutionRepositoryBase] SOLUTION-REPOSITORY: Access to /pentaho-solutions/samples/rules/session-region-list.xaction for operation 1 was denied.
15:29:30,579 ERROR [SolutionEngine] 764fd688-673a-11dc-8392-59bd8bdee7a4:SOLUTION-ENGINE:session-region-list.xaction: SolutionEngine.ERROR_0005 - Action sequence not valid
15:29:30,587 DEBUG [SolutionEngine] ::: Starting execute of samples/secure/global-department-list.xaction
15:29:30,587 DEBUG [SolutionEngine] :SOLUTION-ENGINE:global-department-list.xaction: Getting runtime context and data
15:29:30,588 DEBUG [RuntimeRepository] 786941661315D2364BF8D72A8A408E18:Session startup actions:global-department-list.xaction: newRuntimeElement(786941661315D2364BF8D72A8A408E18,session)
15:29:30,588 DEBUG [RuntimeRepository] 786941661315D2364BF8D72A8A408E18:Session startup actions:global-department-list.xaction: Created instanceId: 765d9229-673a-11dc-8392-59bd8bdee7a4
15:29:30,588 DEBUG [SolutionEngine] 765d9229-673a-11dc-8392-59bd8bdee7a4:SOLUTION-ENGINE:global-department-list.xaction: Loading action sequence definition file
15:29:30,597 DEBUG [SecurityUtils] principal from IPentahoSession: org.acegisecurity.providers.UsernamePasswordAuthenticationToken@af25b193: Username: org.acegisecurity.userdetails.User@91b0be00: Username: zach; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: Admin, Authenticated, ceo; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@2eb76: RemoteIpAddress: 127.0.0.1; SessionId: 786941661315D2364BF8D72A8A408E18; Granted Authorities: Admin, Authenticated, ceo
15:29:30,597 DEBUG [SecurityUtils] principal class: org.acegisecurity.providers.UsernamePasswordAuthenticationToken
15:29:30,597 DEBUG [SecurityUtils] principal is an instance of Authentication
15:29:30,598 DEBUG [SecurityUtils] principal from IPentahoSession: org.acegisecurity.providers.UsernamePasswordAuthenticationToken@af25b193: Username: org.acegisecurity.userdetails.User@91b0be00: Username: zach; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: Admin, Authenticated, ceo; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@2eb76: RemoteIpAddress: 127.0.0.1; SessionId: 786941661315D2364BF8D72A8A408E18; Granted Authorities: Admin, Authenticated, ceo
15:29:30,598 DEBUG [SecurityUtils] principal class: org.acegisecurity.providers.UsernamePasswordAuthenticationToken
15:29:30,598 DEBUG [SecurityUtils] principal is an instance of Authentication
15:29:30,602 DEBUG [GrantedAuthorityEffectiveAclsResolver] Locating AclEntry[]s (from set of 4) that apply to Authentication: org.acegisecurity.providers.UsernamePasswordAuthenticationToken@af25b193: Username: org.acegisecurity.userdetails.User@91b0be00: Username: zach; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: Admin, Authenticated, ceo; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@2eb76: RemoteIpAddress: 127.0.0.1; SessionId: 786941661315D2364BF8D72A8A408E18; Granted Authorities: Admin, Authenticated, ceo
15:29:30,602 DEBUG [GrantedAuthorityEffectiveAclsResolver] Returning null AclEntry array as zero effective AclEntrys found
15:29:30,602 DEBUG [SolutionRepositoryBase] Access to /pentaho-solutions/samples/secure/global-department-list.xaction for operation 1 was denied.
15:29:30,602 ERROR [SolutionRepositoryBase] SOLUTION-REPOSITORY: Access to /pentaho-solutions/samples/secure/global-department-list.xaction for operation 1 was denied.
15:29:30,603 ERROR [SolutionEngine] 765d9229-673a-11dc-8392-59bd8bdee7a4:SOLUTION-ENGINE:global-department-list.xaction: SolutionEngine.ERROR_0005 - Action sequence not valid
15:29:30,603 DEBUG [FilterChainProxy] /Home at position 11 of 13 in additional filter chain; firing Filter: 'org.acegisecurity.ui.switchuser.SwitchUserProcessingFilter@38d1ff'
15:29:30,603 DEBUG [FilterChainProxy] /Home at position 12 of 13 in additional filter chain; firing Filter: 'org.acegisecurity.ui.ExceptionTranslationFilter@62d40e'
15:29:30,603 DEBUG [FilterChainProxy] /Home at position 13 of 13 in additional filter chain; firing Filter: 'org.acegisecurity.intercept.web.FilterSecurityInterceptor@4fed96'
15:29:30,603 DEBUG [RegExpBasedFilterInvocationDefinitionMap] Converted URL to lowercase, from: '/home'; to: '/home'
15:29:30,604 DEBUG [RegExpBasedFilterInvocationDefinitionMap] Candidate is: '/home'; pattern is \A/login.*\Z; matched=false
15:29:30,604 DEBUG [RegExpBasedFilterInvocationDefinitionMap] Candidate is: '/home'; pattern is \A/j_acegi_security_check.*\Z; matched=false
15:29:30,604 DEBUG [RegExpBasedFilterInvocationDefinitionMap] Candidate is: '/home'; pattern is \A/getmondrianmodel.*\Z; matched=false
15:29:30,604 DEBUG [RegExpBasedFilterInvocationDefinitionMap] Candidate is: '/home'; pattern is \A/getimage.*\Z; matched=false
15:29:30,604 DEBUG [RegExpBasedFilterInvocationDefinitionMap] Candidate is: '/home'; pattern is \A/getresource.*\Z; matched=false
15:29:30,604 DEBUG [RegExpBasedFilterInvocationDefinitionMap] Candidate is: '/home'; pattern is \A/admin.*\Z; matched=false
15:29:30,604 DEBUG [RegExpBasedFilterInvocationDefinitionMap] Candidate is: '/home'; pattern is \A/auditreport.*\Z; matched=false
15:29:30,604 DEBUG [RegExpBasedFilterInvocationDefinitionMap] Candidate is: '/home'; pattern is \A/auditreportlist.*\Z; matched=false
15:29:30,604 DEBUG [RegExpBasedFilterInvocationDefinitionMap] Candidate is: '/home'; pattern is \A/versioncontrol.*\Z; matched=false
15:29:30,604 DEBUG [RegExpBasedFilterInvocationDefinitionMap] Candidate is: '/home'; pattern is \A/propertieseditor.*\Z; matched=false
15:29:30,604 DEBUG [RegExpBasedFilterInvocationDefinitionMap] Candidate is: '/home'; pattern is \A/propertiespanel.*\Z; matched=false
15:29:30,604 DEBUG [RegExpBasedFilterInvocationDefinitionMap] Candidate is: '/home'; pattern is \A/subscriptionadmin.*\Z; matched=false
15:29:30,604 DEBUG [RegExpBasedFilterInvocationDefinitionMap] Candidate is: '/home'; pattern is \A/resetrepository.*\Z; matched=false
15:29:30,605 DEBUG [RegExpBasedFilterInvocationDefinitionMap] Candidate is: '/home'; pattern is \A/viewaction.*solution.admin.*\Z; matched=false
15:29:30,605 DEBUG [RegExpBasedFilterInvocationDefinitionMap] Candidate is: '/home'; pattern is \A/scheduleradmin.*\Z; matched=false
15:29:30,605 DEBUG [RegExpBasedFilterInvocationDefinitionMap] Candidate is: '/home'; pattern is \A/publish.*\Z; matched=false
15:29:30,605 DEBUG [RegExpBasedFilterInvocationDefinitionMap] Candidate is: '/home'; pattern is \A/logout.*\Z; matched=false
15:29:30,605 DEBUG [RegExpBasedFilterInvocationDefinitionMap] Candidate is: '/home'; pattern is \A/.*\Z; matched=true
15:29:30,605 DEBUG [AbstractSecurityInterceptor] Secure object: FilterInvocation: URL: /Home; ConfigAttributes: [Authenticated]
15:29:30,605 DEBUG [AbstractSecurityInterceptor] Previously Authenticated: org.acegisecurity.providers.UsernamePasswordAuthenticationToken@af25b193: Username: org.acegisecurity.userdetails.User@91b0be00: Username: zach; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: Admin, Authenticated, ceo; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@2eb76: RemoteIpAddress: 127.0.0.1; SessionId: 786941661315D2364BF8D72A8A408E18; Granted Authorities: Admin, Authenticated, ceo
15:29:30,605 DEBUG [AbstractSecurityInterceptor] Authorization successful
15:29:30,605 DEBUG [XmlWebApplicationContext] Publishing event in context [Root WebApplicationContext]: org.acegisecurity.event.authorization.AuthorizedEvent[source=FilterInvocation: URL: /Home]
15:29:30,605 DEBUG [AbstractSecurityInterceptor] RunAsManager did not change Authentication object
15:29:30,605 DEBUG [FilterChainProxy] /Home reached end of additional filter chain; proceeding with original chain
15:29:30,616 DEBUG [SecurityUtils] principal from IPentahoSession: org.acegisecurity.providers.UsernamePasswordAuthenticationToken@af25b193: Username: org.acegisecurity.userdetails.User@91b0be00: Username: zach; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: Admin, Authenticated, ceo; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@2eb76: RemoteIpAddress: 127.0.0.1; SessionId: 786941661315D2364BF8D72A8A408E18; Granted Authorities: Admin, Authenticated, ceo
15:29:30,616 DEBUG [SecurityUtils] principal class: org.acegisecurity.providers.UsernamePasswordAuthenticationToken
15:29:30,616 DEBUG [SecurityUtils] principal is an instance of Authentication
15:29:30,680 DEBUG [SolutionEngine] ::: Starting execute of samples/steel-wheels/homeDashboard/Sales_by_Territory.xaction
15:29:30,681 DEBUG [SolutionEngine] :SOLUTION-ENGINE:Sales_by_Territory.xaction: Getting runtime context and data
15:29:30,681 DEBUG [RuntimeRepository] 786941661315D2364BF8D72A8A408E18:org.pentaho.ui.component.charting.PieDatasetChartComponent:Sales_by_Territory.xaction: newRuntimeElement(786941661315D2364BF8D72A8A408E18,session)
15:29:30,681 DEBUG [RuntimeRepository] 786941661315D2364BF8D72A8A408E18:org.pentaho.ui.component.charting.PieDatasetChartComponent:Sales_by_Territory.xaction: Created instanceId: 766bc2fa-673a-11dc-8392-59bd8bdee7a4
15:29:30,681 DEBUG [SolutionEngine] 766bc2fa-673a-11dc-8392-59bd8bdee7a4:SOLUTION-ENGINE:Sales_by_Territory.xaction: Loading action sequence definition file
15:29:30,686 DEBUG [SecurityUtils] principal from IPentahoSession: org.acegisecurity.providers.UsernamePasswordAuthenticationToken@af25b193: Username: org.acegisecurity.userdetails.User@91b0be00: Username: zach; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: Admin, Authenticated, ceo; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@2eb76: RemoteIpAddress: 127.0.0.1; SessionId: 786941661315D2364BF8D72A8A408E18; Granted Authorities: Admin, Authenticated, ceo
15:29:30,686 DEBUG [SecurityUtils] principal class: org.acegisecurity.providers.UsernamePasswordAuthenticationToken
15:29:30,686 DEBUG [SecurityUtils] principal is an instance of Authentication
15:29:30,686 DEBUG [SecurityUtils] principal from IPentahoSession: org.acegisecurity.providers.UsernamePasswordAuthenticationToken@af25b193: Username: org.acegisecurity.userdetails.User@91b0be00: Username: zach; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: Admin, Authenticated, ceo; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@2eb76: RemoteIpAddress: 127.0.0.1; SessionId: 786941661315D2364BF8D72A8A408E18; Granted Authorities: Admin, Authenticated, ceo
15:29:30,686 DEBUG [SecurityUtils] principal class: org.acegisecurity.providers.UsernamePasswordAuthenticationToken
15:29:30,686 DEBUG [SecurityUtils] principal is an instance of Authentication
15:29:30,689 DEBUG [GrantedAuthorityEffectiveAclsResolver] Locating AclEntry[]s (from set of 4) that apply to Authentication: org.acegisecurity.providers.UsernamePasswordAuthenticationToken@af25b193: Username: org.acegisecurity.userdetails.User@91b0be00: Username: zach; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: Admin, Authenticated, ceo; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@2eb76: RemoteIpAddress: 127.0.0.1; SessionId: 786941661315D2364BF8D72A8A408E18; Granted Authorities: Admin, Authenticated, ceo
15:29:30,690 DEBUG [GrantedAuthorityEffectiveAclsResolver] Returning null AclEntry array as zero effective AclEntrys found
15:29:30,690 DEBUG [SolutionRepositoryBase] Access to /pentaho-solutions/samples/steel-wheels/homeDashboard/Sales_by_Territory.xaction for operation 1 was denied.
15:29:30,690 ERROR [SolutionRepositoryBase] SOLUTION-REPOSITORY: Access to /pentaho-solutions/samples/steel-wheels/homeDashboard/Sales_by_Territory.xaction for operation 1 was denied.
15:29:30,690 ERROR [SolutionEngine] 766bc2fa-673a-11dc-8392-59bd8bdee7a4:SOLUTION-ENGINE:Sales_by_Territory.xaction: SolutionEngine.ERROR_0005 - Action sequence not valid
15:29:32,148 DEBUG [SolutionEngine] ::: Starting execute of samples/steel-wheels/homeDashboard/Sales_by_Productline.xaction
15:29:32,148 DEBUG [SolutionEngine] :SOLUTION-ENGINE:Sales_by_Productline.xaction: Getting runtime context and data
15:29:32,148 DEBUG [RuntimeRepository] 786941661315D2364BF8D72A8A408E18:org.pentaho.ui.component.charting.PieDatasetChartComponent:Sales_by_Productline.xaction: newRuntimeElement(786941661315D2364BF8D72A8A408E18,session)
15:29:32,148 DEBUG [RuntimeRepository] 786941661315D2364BF8D72A8A408E18:org.pentaho.ui.component.charting.PieDatasetChartComponent:Sales_by_Productline.xaction: Created instanceId: 774b9bab-673a-11dc-8392-59bd8bdee7a4
15:29:32,155 DEBUG [SecurityUtils] principal is an instance of Authentication
15:29:32,156 DEBUG [GrantedAuthorityEffectiveAclsResolver] Locating AclEntry[]s (from set of 4) that apply to Authentication: org.acegisecurity.providers.UsernamePasswordAuthenticationToken@af25b193: Username: org.acegisecurity.userdetails.User@91b0be00: Username: zach; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: Admin, Authenticated, ceo; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@2eb76: RemoteIpAddress: 127.0.0.1; SessionId: 786941661315D2364BF8D72A8A408E18; Granted Authorities: Admin, Authenticated, ceo
15:29:32,156 DEBUG [GrantedAuthorityEffectiveAclsResolver] Returning null AclEntry array as zero effective AclEntrys found
15:29:32,156 DEBUG [SolutionRepositoryBase] Access to /pentaho-solutions/samples/steel-wheels/homeDashboard/Sales_by_Productline.xaction for operation 1 was denied.

[mlowery]

If the ROLE_ prefix is still present in the PRO_ACLS_LIST table, then you will certainly be denied access. Please confirm that the following has been done:

1. Edit pentaho.xml, modifying the default-acls section.
2. Drop PRO_FILES and PRO_ACLS_LIST and delete row from VERSIONMAP.
3. Restart the Pentaho BI Server.

[zach]

We are getting there!!! Thanks Matt for your help.

I have posted my pentaho.xml file so that people can see the changes I have made.

Next issue is that now that I have the rdbms repository working, when I go into the "permissions" screen my "Solution Repository" is show as "null".

Zach

[mlowery]

I took a look at your pentaho.xml. My first thought was that there is a case inconsistency in role names.

For example, this uses Admin...

Code:

<default-acls>
  <acl-entry role="Admin" acl="ADMIN_ALL" />
  ...

...and this uses ADMIN...

Code:

<acl-voter>
  <admin-role>ADMIN</admin-role>
</acl-voter>

I looked at the code for the Permissions interface and this would most definitely cause a problem.

[zach]

Ok, so that did it.

I changed the

Code:

<acl-voter>
  <admin-role>ADMIN</admin-role>
</acl-voter>

to

Code:

<acl-voter>
  <admin-role>Admin</admin-role>
</acl-voter>

And that worked.

Thanks!!!