Provides information on the various ways you can secure PDI.
Pentaho Data Integration (PDI) can be configured to use your implementation of LDAP, MSAD, Apache DS, or Kerberos to authenticate users and authorize data access. You can also configure PDI to use a Single Sign On (SSO) framework or use a combination of these approaches.
Before you implement advanced security, you should have installed and configured the DI Server and Spoon, which is the PDI design tool.
You should have administrative-level knowledge of the security provider you want to use, details about your user community, and a plan for the user roles to be used in PDI. You should also know how to use the command line to issue commands for Microsoft Windows or Linux.
You will need a text editor to modify text files. You might also need to work on the actual machine that has DI software installed.
We support two different security options: Pentaho Security or advanced security providers, such as LDAP, Single Sign-On, or Microsoft Active Directory. This table can help you choose the option that is best for your environment.
|Explore Considerations||Choose Options|
|Pentaho Security||Advanced Security Providers—LDAP, Single Sign-On, or Microsoft Active Directory|
|Summary||Pentaho Security is the easiest way to configure security quickly. Spoon enables you to define and manage users and roles. The DI Server controls which users and roles can access resources in the Pentaho Repository. |
Pentaho Security works well if you do not have a security provider or if you have a user community with less than 100 users.
|If you are already using a security provider, such as LDAP, Single Sign-On, or Microsoft Active Directory, you can use the users and roles you have already defined with Pentaho. Your security provider controls which users and roles can access the Pentaho Repository. |
Advanced security scales well for production and enterprise user communities.
|Expertise||Knowledge of your user community and which users should have which roles in the Pentaho system. Knowledge about security in general is not required.||Knowledge of your user community and which users should have which roles in the Pentaho system. Knowledge about your particular security provider and its options is required.|
|Time||It takes approximately 5 minutes per user and role to configure Pentaho Security.||It takes approximately 1 hour to configure the DI Server to use your existing security provider.|
|Recommendation||Recommended for the Pentaho Trial Download, evaluating, and rapid development.||Recommended for production.|