Hitachi Vantara Pentaho Community Forums
Page 1 of 2 12 LastLast
Results 1 to 10 of 20

Thread: ACL permissions with LDAP

  1. #1

    Default ACL permissions with LDAP

    Hi, I implement LDAP to connect my users to Pentaho but I don't know how to configure the permissions over folders.

    I see several post with information about this and I make this change in pentaho.xml:

    <file path="/pentaho-solutions/admin">
    <acl-entry role="app-pentaho-admin" acl="FULL_CONTROL" />
    <file path="/pentaho-solutions/bi-developers">
    <acl-entry role="app-pentaho-admin" acl="NOTHING" />
    <acl-entry role="cto" acl="NOTHING" />
    <acl-entry role="dev" acl="NOTHING" />
    <acl-entry role="app-pentaho" acl="NOTHING" />

    But this changes isn't apply. My idea is the "bi-developers" does not appear in the navigation list.

    How can I make this changes available? I try with Restore Solution Repository in Administration Console but nothing.

    Thanks a lot.

  2. #2
    Join Date
    Apr 2011


    I'm not sure but probably u cannot substitute Admin and Authenticated ACL roles, all the others roles can be modified/substituted ...Try and let my know

  3. #3


    I need to create personal solutions for diference groups of LDAP.

    How can I make this?

    At the moment only have to groups app-pentaho-admin and app-pentaho. If I create other groups called app-pentaho-cggs, how can I configure to see only one solution?


  4. #4



    In applicationContext-sprint-security.xml, you can add a generic group of your users (like All Users or EveryoneGroup if you have it). That means that the web app will enable the users to load the pages.

    In pentaho.xml, you can define the default ACLs. If you set those in a restrictive way, you users will just see the Pentaho menu but no directories and actions in it. (Don't forget to create an administrative user.)

    Then you set the access controls based on groups or users in the Pentaho User Console. Your Developers group will only see directories and files with Developers access etc.

  5. #5


    If I understand, for example:

    1) Create AD group call app-pentaho-cgss
    2) One user "abedoya" in app-pentaho-cgss
    3) If I wan't he see only the directory called "CGSS", I need make this change in pentaho.xml:
    <file path="/pentaho-solutions/cgss">
    <acl-entry role="app-pentaho-cgss" acl="EXECUTE" />

    4) When user "abedoya" login in Pentaho, he only see the solution "cgss", rigth?

    I need make other change, the user need in app-pentaho (Authenticated group in AD)?

    Thanks a lot.

  6. #6



    In the config files, you just set up who can login into the Pentaho system at all, and the default permissions for new objects.

    Visibility of solutions in the user console is set up in the user console without editing config files.

    You need a group in your AD for the Authenticated role, for example app-pentaho. Users who have this role can login, those who don't, can't.

    Then you assign rights on the role/group app-pentaho-cgss to the CGSS solution in the Pentaho User Console.

  7. #7


    I try this, but I don't know how I can edit rights from Pentaho User Admin. I'm using Pentaho Community 3.6.0.stable.41852.

    Can you tell me how I make this?

  8. #8


    You do it in the user console, not in the admin. http://yourserver:8080/pentaho/Home

    As an admin user, you see everything. Right click on a folder or file there to get the properties windows where you can set the ACLs.

  9. #9


    If I right click in a folder with admin privileges I see only this:

    [IMG]file:///C:/DOCUME%7E1/abedoya/CONFIG%7E1/Temp/moz-screenshot.png[/IMG]Name:  Dibujo1.jpg
Views: 78
Size:  14.4 KB

  10. #10


    Did you switch on the database repository (instead of file based)? Only the DB supports ACLs. See system/pentahoObjects.spring.xml

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
Privacy Policy | Legal Notices | Safe Harbor Privacy Policy

Copyright © 2005 - 2019 Hitachi Vantara Corporation. All Rights Reserved.