For the Pentaho User Console (PUC), your predefined users and roles can be used if you are already using a security provider such as LDAP, Microsoft Active Directory (MSAD), or Single Sign-On. Pentaho Data Integration (PDI) can also be configured to use your implementation of these providers or Kerberos to authenticate users and authorize data access.
These articles guide you through the process of configuring third-party security frameworks for the Pentaho Server.
If you are evaluating Pentaho or have a production environment with fewer than a hundred users, you may decide to use Pentaho default security.
Before you can implement advanced security, you must have installed and configured the Pentaho Server. You should have administrative-level knowledge of the security provider you want to use, details about your user community, and a plan for the user roles to be used in PDI. You should also know how to use the command line to issue commands for Microsoft Windows or Linux.
PUC can be used to perform most security tasks pertaining to the console. For some cases with PDI, you will need a text editor to modify text files. Some of these security tasks also require that you work on the actual machine where the Pentaho Server is installed.
All of the tasks that use the Administration page in PUC require that you log on to the User Console with the Pentaho administrator user name and password.
We support two different security options: Pentaho Security or advanced security providers, such as LDAP, Single Sign-On, or Microsoft Active Directory. This table can help you choose the option that is best for your environment.
| Explore Considerations | Choose Option: Pentaho Security | Choose Option: Advanced Security Providers (LDAP, Single Sign-On, or Microsoft Active Directory) |
|---|---|---|
| Summary | Pentaho Security is the easiest way to configure security quickly. The User Console enables you to define and manage users and roles. The Pentaho Server controls which users and roles can access web resources through the User Console or resources in the Pentaho Repository. Pentaho Security works well if you do not have a security provider or if you have a user community with fewer than 100 users. | If you are already using a security provider, such as LDAP, Single Sign-On, or Microsoft Active Directory, you can use the users and roles you have already defined with Pentaho. Your security provider controls which users and roles can access Pentaho web resources through the User Console or resources in the Pentaho Repository. Advanced security scales well for production and enterprise user communities. |
| Expertise | Knowledge of your user community and which users should have which roles in the Pentaho system. Knowledge about security in general is not required. | Knowledge of your user community and which users should have which roles in the Pentaho system. Knowledge about your particular security provider and its options is required. |
| Recommendation | Recommended for evaluation and rapid development. | Recommended for production. |
The following additional articles relate to the implementation of user security in the Pentaho Suite:
- Apply AES Password Encryption
- Pass Authentication Credentials in URL Parameters
- Remove Security by Enabling Anonymous Access
- Restrict or Share Files and Folders
- Secure the User Console and Pentaho Server with SSL