Security problem


Kateřina Benetková

Sep 24, 2015, 8:36:51 AM
to Pentaho Community
Hello, let me describe my problem.
The thing is that users have permission to access all data sources and I want them to see only their data. I am using Oracle JDBC as a data source, where it is not possible to set rights for users (or roles). When a user who can create a CDE dashboard chooses "sql over sqlJndi" as the data source and simply guesses the name of the datasource, he can see everything he wants. For example, when a user calls http://localhost:8080/pentaho/plugin/pentaho-cdf-dd/api/olap/getCubes, he can see the names of every datasource used for cubes.
The data source on which I can set rights is metadata. I can access metadata by "mql over metadata". But I want to use the datasource for Saiku analysis as well, and I don't know how to connect them. I know that by using "Datasource wizard - database table(s) - Reporting and analysis" I am creating a datasource consisting of .xml (olap) and .xmi (datasource) files. (When I export this datasource, it's a .zip file consisting of these files.) Now it seems that I can change them and import them back. But it's not possible to upload a .zip to datasources. I can import the analysis and the metadata separately, but now the analysis doesn't use the metadata.
Am I right? Do you know how to resolve this and secure access to data?

Pedro Martins

Sep 24, 2015, 9:19:19 AM
to pentaho-...@googlegroups.com
Hello Katerina,

I believe that the datasource wizard shouldn't be used for production, but it's a good way of starting to do things. Personally, I would move away from the Metadata model approach and get a Mondrian schema in place, with MDX queries instead of SQL. Mondrian roles/security are explained here: http://mondrian.pentaho.com/documentation/schema.php#Access_control


Metadata will not work with Analyzer (not sure about Saiku, but I doubt it). You will need a Mondrian (analysis) schema for that.

If that is not an option and you're going to stick with CTools+Metadata (I've never done it), you can control the access level at the Metadata model level using this info: https://help.pentaho.com/Documentation/5.3/0N0/110/060

Finally, it will be hard to control all that your users can access via CDE, as CDE is not a tool meant for the end-user. Unless you control the access on the model layer (possibly blocking as well the access to some files with the SpringSecurity settings under pentaho-solutions/system/applicationContext....xml), you could be opening a door to a few problems there. In CDE, you can add hidden parameters: under the datasource, just add a parameter and put there the option "private" (so it doesn't become available), and the default value can be either a static value or an environment variable evaluated at the server level (not client!) such as ${security:principalName}.

Hope this helps, kind regards,
Pedro Martins






--
Pedro Martins
Webdetails Implementation Lead

http://www.webdetails.pt
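
An added example, not part of the reply above and not code from the Mondrian documentation: a Mondrian 3 schema that uses the role-based access control the reply links to, so that one role can query a cube, a second sees only one member of it, and a third cannot see it at all. The schema, cube, table, column and role names are all assumptions, and how a Pentaho user ends up in a Mondrian role depends on the server's role-mapper configuration, which is not shown.

```xml
<!-- Constructed example: every schema, cube, table, column and role name is hypothetical. -->
<Schema name="CompanyDW">

  <Cube name="Sales">
    <Table name="fact_sales"/>
    <Dimension name="Region" foreignKey="region_id">
      <Hierarchy hasAll="true" allMemberName="All Regions" primaryKey="region_id">
        <Table name="dim_region"/>
        <Level name="Country" column="country" uniqueMembers="true"/>
      </Hierarchy>
    </Dimension>
    <Measure name="Revenue" column="amount" aggregator="sum"/>
  </Cube>

  <Cube name="Payroll">
    <Table name="fact_payroll"/>
    <Dimension name="Department" foreignKey="dept_id">
      <Hierarchy hasAll="true" primaryKey="dept_id">
        <Table name="dim_department"/>
        <Level name="Department" column="dept_name" uniqueMembers="true"/>
      </Hierarchy>
    </Dimension>
    <Measure name="Gross Pay" column="gross_pay" aggregator="sum"/>
  </Cube>

  <!-- Deny everything at schema level, then grant one cube explicitly. -->
  <Role name="sales_analyst">
    <SchemaGrant access="none">
      <CubeGrant cube="Sales" access="all"/>
    </SchemaGrant>
  </Role>

  <!-- Same cube, but only one member of the Region hierarchy is visible. -->
  <Role name="sales_cz">
    <SchemaGrant access="none">
      <CubeGrant cube="Sales" access="all">
        <HierarchyGrant hierarchy="[Region]" access="custom" rollupPolicy="partial">
          <MemberGrant member="[Region].[Czech Republic]" access="all"/>
        </HierarchyGrant>
      </CubeGrant>
    </SchemaGrant>
  </Role>

  <!-- No grant on Sales: this role cannot see that cube at all. -->
  <Role name="hr_analyst">
    <SchemaGrant access="none">
      <CubeGrant cube="Payroll" access="all"/>
    </SchemaGrant>
  </Role>
</Schema>
```

These grants apply only to queries that go through Mondrian, such as MDX issued by Saiku. A CDE "sql over sqlJndi" query against the same JNDI connection does not pass through the schema, so its roles do not restrict it.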



Kateřina Benetková

Sep 24, 2015, 10:28:35 AM
to Pentaho Community
Dear Pedro, thank you for your reply.
The thing is that I have one user who I want to use the datasource and a second user who I want not to have access. I don't understand SpringSecurity much, but it seems that I can allow something for all users or disable it for all users. Is that true?
The "private" option can be set when creating a CDE dashboard, so the user can choose; I am afraid it will not help me. (And I didn't get who can't see the datasource when it is set to private. I've tried it and it seems everybody can see the data.)
I don't have to use the datasource wizard or metadata; they were just the only ways that came to my mind when solving it. I wanted to allow users CDE and Saiku, and to allow different users different datasources.
So you are saying not to allow users to create CDE; it's a pity.



Kateřina Benetková

Sep 25, 2015, 7:00:01 AM
to Pentaho Community
And I am afraid I am not able to deny the creation of dashboards and allow the creation of Saiku at the same time.



