Data security for Interactive Report in Pentaho

Posted on by By Mounika, in Pentaho | 0

This blog covers the process of applying data security for interactive reports in Pentaho based on logged in user.

Pentaho Interactive Reporting is a drag-and-drop, browser-based design environment for interactive reports that allows you to quickly add elements to your report and format them to your preference.

This option is present in Pentaho Enterprise edition.

To apply data security, customized data model has to be created for interactive reports which are created through a tool called Pentaho metadata-editor.

To create a data source in Pentaho Metadata Editor, go through the blog

creating a data source for interactive reports in Pentaho

To create a customized data model, below are the steps to be followed:

  1. Open the data source ‘SecuredReport’ created in the mentioned blog.
  2. Now we would make changes to the data source such that the report created in the blog would show the values corresponding to the logged-in user.

  3. The Pentaho Metadata Editor must be configured to connect to your Pentaho Server so that it can retrieve user names, roles, and access control lists.
    • From the Pentaho Metadata Editor main window,
    • select Tools > Security. The Security Service dialog box appears.

    • Type the correct URL in the Service URL text box.
    • Select the level of detailed security information you want: All, Users, or Roles.
    • Type admin in the User Name text field. This is the default Admin user for the Pentaho User Console.
    • Type password in the Password text field. This password is associated with the default Admin user. Click Test.

    Security Service

    If the information you entered is correct, a listing of users and roles appears, as shown

    XML Returned

  4. To restrict the data, we have to apply the desired condition to the metadata. Any condition to be applied should be first applied to the model and then the table.
  5. Right Click on the model and click on Edit.
  6. Clicking on Model

  7. Add the users in the ‘Selected Users/Groups’ tab under the ‘Metadata Security’ section as shown. It means that only the selected users ‘HOUSE’ and ‘JNTR’ can see the data source.
  8. We can also edit the view and select the users who can have the right to see the view based on the requirement which is nothing but table restriction for specific users.
  9. For data restriction, we should write a condition in ‘Global_Constraint’ in ‘Data Constraints’ tab under the ‘Metadata Security’ section. Even this should be done on the model first and then on the view as shown.
  10. Global Constraint

    We have used ‘OR’ condition i.e. if logged in user is ‘HOUSE’ then data related to HOUSE is shown if admin then all data is shown.

    Condition : OR([TABLE_NAME.FIELD_NAME]=USER());USER()=”admin”
    User() is the function which gives logged is user name..
  11. Save the data source and publish.
  12. Now, log in as different users and create the same report from the data source and test.

Login as different users

Sample Reports

In case if you have any queries please get us at

Thank You

Mounika Pulimamidi
BI Developer
Helical IT Solutions Pvt Ltd


Best Open Source Business Intelligence Software Helical Insight Here


A Business Intelligence Framework

0 0 votes
Article Rating
Notify of
Inline Feedbacks
View all comments