Pentaho relies on the Spring Security pluggable authentication framework. By default, the BA Server uses a JDBC-based data access object that is tied to a Jackrabbit database. Users and roles are configured through the Administration perspective in PUC, and content authorization is controlled by the BA Server administrator. However, you can easily configure the server to use existing security tables in a different database, or to authenticate through your existing LDAP (including Active Directory) server or Central Authentication Service. Pentaho's security is also extensible to the point that you can create your own custom data access object, or completely remove all authentication functionality.