Hitachi Vantara Pentaho Community Forums
Results 1 to 5 of 5

Thread: Permissions dont work as expected

  1. #1
    Join Date
    Apr 2007
    Posts
    2,010

    Default Permissions dont work as expected

    Hi, Simple case - or so i thought!

    I have a role - TECH which is assigned to a user.

    I've made sure that the report has the TECH role.

    No one other than those with the TECH role can see the report.

    However, i left the ADMIN role with "Grant permissions" but not execute as that seemed sensible.

    Unfortunately the admin user can still execute the report.

    Is that a bug? Or is there something somewhere in the security setup that says admins can do whatever the hell they like? (arguably fair enough!)

    (3.5.2 with jdbc security enabled)

    Thanks,
    Dan

  2. #2

    Default

    I always assumed it was admins can do everything...
    This is a signature.... everyone gets it.

    Join the Unofficial Pentaho IRC channel on freenode.
    Server: chat.freenode.net Channel: ##pentaho

    Please try and make an effort and search the wiki and forums before posting!
    Checkout the Saiku, the future of Open Source Interactive OLAP(http://analytical-labs.com)

    http://mattlittle.files.wordpress.co...-bananaman.jpg

  3. #3
    Join Date
    Apr 2007
    Posts
    2,010

    Default

    hmm, ok. That is tricky from a data security point of view - because a platform admin, doesnt necessarily have the right to view output of reports in our case.

    What i probably need to do is create a new class of user, a quasi admin, who can assign permissions and schedule and stuff, but not actually run reports. (We use 1 user for all our schedules)

  4. #4
    Join Date
    Apr 2007
    Posts
    2,010

    Default

    Ah; I think this is defined by the overrides in the pentaho.xml - I guess they apply regardless of the permissions you set in PUC...

    So in there, Admins have ADMIN_ALL... Something about that i think. Anyway I can play around with it and see how to do what I want.

  5. #5
    Join Date
    Oct 2006
    Posts
    817

    Default

    In the voter that is configured by default (as defined in pentahoObjects.spring.xml IAclVoter bean), anyone granted the admin role (as defined in pentaho.xml acl-voter/admin-role) can do anything, regardless of the ACL.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Privacy Policy | Legal Notices | Safe Harbor Privacy Policy

Copyright © 2005 - 2019 Hitachi Vantara Corporation. All Rights Reserved.