Make changes to the administrator role

The assignment of action-based permissions associated with the administrator role (read, create, execute, and administrate) in the Pentaho Repository cannot be edited in the user interface. The administrator role is the only role that is assigned the administer security permission and controls user access to the Security tab.

Note: Deleting the administrator role will prevent all users from accessing the Security tab unless another role is assigned the administrator permission.

These are the scenarios that require a configuration change that is unavailable through the PDI client:

You want to delete the administrator role
You want to unassign the administrator permission from the administrator role
You want to configure LDAP

Follow these instructions to change the administrator role:

Shut down the Pentaho Server.
Open the repository.spring.xml file located at pentaho-server/pentaho-solutions/system.
Locate the element with an ID of immutableRoleBindingMap.

Replace the entire node with the XML code shown below.

Make sure you change yourAdminRole to the role that will have Administrate permission.

<util:map id="immutableRoleBindingMap">
    <entry key="yourAdminRole">
      <util:list>
        <value>org.pentaho.di.reader</value>
        <value>org.pentaho.di.creator</value>
        <value>org.pentaho.di.securityAdministrator</value>
      </util:list>
    </entry>
</util:map>

Restart the Pentaho Server.
The administrator role changes according to your requirements.

PreviousDelete roles NextAssign user permissions in the repository using the PDI client

Last updated 1 month ago

Was this helpful?