Skip to main content
Pentaho Documentation

Add User or Role Row-Level Security Constraints

You need to have established a connection to a data source in Metadata Editor and selected one or more tables to create metadata for.

A role-based constraint is an MQL Formula statement that restricts access (on the row level) only to certain users or roles. Follow the below instructions to add fine-grained user- or role-based restrictions to your data source.

  1. In the left pane, right-click the table or column you want to modify, then click Edit.. from the context menu. The Physical Table Properties dialogue will appear.
  2. Click the green + icon above the Available field in the middle of the screen. The Add New Property dialogue will appear.
  3. Select Data Constraints, then click OK.
  4. Click the new Data Constraints item in the General category.
  5. Select Role-Based Constraints option in the right pane.
  6. Click the green + icon next to the Selected Users/Groups field in the right pane. A list of users and/or roles (depending on what you selected when configuring the security service earlier) will appear.
  7. Click the user or role in the left pane that you want to assign permissions to, then click the right arrow button in the middle of the window. The user or role will move from the Available list on the left to the Assigned list on the right.
  8. Click the checkboxes for the permissions that you want to assign to the selected user or role.
  9. Repeat this process for other users or roles you want to assign metadata permissions to, then click OK.
  10. Change any other relevant metadata options, then click OK to return to the Metadata Editor main window.
  11. When you are finished, save the metadata configuration as a domain using the Save As button, then publish it to the BA Server as an XMI schema by selecting Publish from the File menu.