Hitachi Vantara Pentaho Community Forums
Results 1 to 5 of 5

Thread: Data access security questions

  1. #1
    Join Date
    Feb 2008

    Default Data access security questions


    I have been looking at the ad hoc capabilities for Pentaho, and I am struggling to come up with a solution for one of our business requirements. We have a requirement that people can only see customers for accounts they have been assigned. When using the ad hoc querying tool I need to be able to restrict the available customers and accounts in the metadata model to those available to the person that has been logged in.

    I have reviewed the security wiki for the metadata editor, and the user/role access defined there seemed to be more geared towards what columns and tables are available. Is there some documentation that someone can point me towards that would explain how to accomplish the type of data level security I need to implement?


  2. #2
    Join Date
    Mar 2006


    I would also be interested in any information regarding this topic. We currently serve a state-wide population separated by a program ID field in each table. We would like to offer the ability for individual programs to report only on their specific data (for security reasons) but then allow state-wide administrators to generate reports including the entire state's data.

    Is this possible with the Ad Hoc Reporting and MetaData interfaces?

    We are currently paying for a third party application and the ability to integrate Pentaho over this third party application is quite desirable both from a financial standpoint as well as a feature/usability standpoint.


  3. #3
    Join Date
    Feb 2008

    Default This is a show stopper in regarding Pentaho for me

    We have the exact same problem. Right now reporting requirements are very low and parameterized reports will work, but this will change sooner or later.

    But, man I would love to make it work. Does anyone know a way?

    As the time comes that I have to make this move regardless of if I can do it with Pentaho, does anyone have other product suggestions?

  4. #4



    I think the good way is to add specific attribute to your user but i don't know.

    But you can use different business view where each one have specif join like "complex join" and say forone join you allow only the value A, B, ...

    After you have to use security in Metadata to allowed each business view to your user.


  5. #5
    Join Date
    Nov 2006

    Default Restricting access to Metadata models

    You can use the Pentaho Metadata editor to specify which users have access to each business model, and what kind of access they have. When a business user runs the Adhoc Reporting interface, they will only see business models that they (or the role(s) they belong to) have been given permission to see.

    To edit a business model's permissions, start the Pentaho Metadata editor, and double click on a business model's name in the tree control. This will cause the Business Model properties editor to popup. In this dialog, you will be able to modify who has access to the business model by selecting "Security Information" from the tree control, and specifying what users or roles have permission to access the model.

    See this page:, on the wiki for a picture of what the Business Model properties editor looks like. Sorry, this page does not contain a description of modifying permissions.
    Last edited by sbarkdull; 04-12-2008 at 03:35 PM.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
Privacy Policy | Legal Notices | Safe Harbor Privacy Policy

Copyright © 2005 - 2019 Hitachi Vantara Corporation. All Rights Reserved.