Start your 30-day Pentaho Enterprise Evaluation ..

Permissions & Scope

Who has access to What ..

Communities, Permissions & Scope

In this hands-on workshop, you'll learn how to configure Community permissions and data source scope restrictions to implement fine-grained access control in PDC. We'll walk through the process of limiting specific Communities to only the data sources and schemas relevant to their business domain, demonstrating how to create secure, business-aligned data governance boundaries that enforce the principle of least privilege.

By the end of this workshop, you will be able to:

  • Configure Community scope restrictions to limit access to specific data sources

  • Implement domain-based data access controls that mirror organizational structure

  • Create business-aligned data boundaries using PDC's scope management features

  • Test and validate Community permission restrictions with user authentication

  • Understand how Communities enforce data governance policies at the asset level

  • Design scalable permission models that grow with organizational complexity

  • Apply the principle of least privilege to enterprise data governance

Workshop Process: You'll configure the AdventureWorks_Sales_Analytics Community to only access sales-related data sources, then test the restriction by logging in as Sarah Johnson (Sales Analyst) to verify she can only see the data sources appropriate for her role.

This workshop demonstrates how Data Catalog's Community scope features create the "WHAT" layer of your data governance framework—determining exactly which data assets each user can access based on their business function and organizational role.

Scope Configuration

Let's implement domain-specific access controls for Adventure Works business areas:

  • Sales Community gets access to mssql:adventureworks2022-Sales (Sales + Person schemas only)

  • HR Community gets access to mssql:adventureworks2022-HR (HumanResources + Person schemas)

  • Data Governance Council gets cross-domain access for governance oversight

  • System /Datasource Administrators get access to the complete mssql:adventureworks2022 database

  1. Log into Data Catalog:

https://pdc.pentaho.labpdc.pentaho.lab

Username: [email protected]

[email protected]

Password: Welcome123!

Sales Community

Let's start defining our Sales Community ..

AdventureWorks - Sales

Sales Schema Data Source Creation

When connecting to the AdventureWorks2022 database, administrators would create a dedicated "mssql:adventureworks2022-Sales" data source. During the "Ingest Schemas" process, click Ingest Schema, select the following schemas:

  • Sales - Orders, customers, territories, sales performance

  • Person - Contact information, addresses, demographics

and then click Ingest Schemas.

  1. Click: Management in the left navigation menu.

  2. Create a connection to: adventureworks2022 database with the following settings:

Field
Setting

Data Source Name

mssql:adventureworks2022-sales

Data Source ID

Leave Blank to autogenerate ID

Description

AW DW: Sales + Person schemas only.

Data Source Type

Microsoft SQL Server

Affinity

Default

Configuration Method

URI

Username

sa

Password

StrongPassword123

URI

jdbc:sqlserver://pdc.pentaho.lab:1433;databaseName=AdventureWorks2022;user=sa;password=StrongPassword123;encrypt=false

Driver

mssql-jdbc-13.2.0.jre11.jar*

Database Name

AdventureWorks2022

  1. Select: Sales + Person schemas.

Select Schemas

  1. Save: Data Source.

PreviousOther Data SourcesNextRequest Access

Last updated

Was this helpful?