Start your 30-day Pentaho Enterprise Evaluation ..

Permissions & Scope

Who has access to What ..

Communities, Permissions & Scope

In this hands-on workshop, you'll learn how to configure Community permissions and data source scope restrictions to implement fine-grained access control in PDC. We'll walk through the process of limiting specific Communities to only the data sources and schemas relevant to their business domain, demonstrating how to create secure, business-aligned data governance boundaries that enforce the principle of least privilege.

By the end of this workshop, you will be able to:

  • Configure Community scope restrictions to limit access to specific data sources

  • Implement domain-based data access controls that mirror organizational structure

  • Create business-aligned data boundaries using PDC's scope management features

  • Test and validate Community permission restrictions with user authentication

  • Understand how Communities enforce data governance policies at the asset level

  • Design scalable permission models that grow with organizational complexity

  • Apply the principle of least privilege to enterprise data governance

Workshop Scope Configuration: You'll implement domain-specific access controls for Adventure Works business areas:

  • Sales Community gets access to mssql:adventureworks2022-Sales (Sales + Person schemas only)

  • HR Community gets access to mssql:adventureworks2022-HR (HumanResources + Person schemas)

  • Data Governance Council gets cross-domain access for governance oversight

  • System Administrators get access to the complete mssql:adventureworks2022 database

The Business Context: Adventure Works 2022 database contains sensitive data across multiple business domains:

  • Sales: Orders, customers, territories, sales performance

  • HumanResources: Employee data, departments, payroll information

  • Production: Products, inventory, manufacturing processes

  • Purchasing: Vendors, purchase orders, procurement data

  • Person: Contact information, addresses, demographics

Workshop Process: You'll configure the AdventureWorks_Sales_Analytics Community to only access sales-related data sources, then test the restriction by logging in as Sarah Johnson (Sales Analyst) to verify she can only see the data sources appropriate for her role.

This workshop demonstrates how PDC's Community scope features create the "WHAT" layer of your data governance framework—determining exactly which data assets each user can access based on their business function and organizational role.

x

Sales

Sales Schema Data Source Creation

When connecting to the AdventureWorks2022 database, administrators would create a dedicated "mssql:adventureworks2022-Sales" data source. During the "Ingest Schemas" process, click Ingest Schema, select the following schemas:

  • Sales -

  • Person -

and then click Ingest Schemas.

x

  1. Log into Data Catalog:

https://pdc.pentaho.labpdc.pentaho.lab

Username: [email protected]

Password: Welcome123!

  1. Click: Management in the left navigation menu.

Users & Communities

  1. Click: Communities (Users & Communities tile).

  2. Select: AdventureWorks_Sales_Analytics > Edit

Edit Community

  1. Scroll down to Scope

AdventureWorks_Sales_Analysts scope

  1. Select: Data Sources & Click: +

  2. Select: mssql:adventureworks2022-Sales & uncheck All

  1. Click: Done & Save.

While you're here .. Edit the Scope: Data Sources for AdventureWorks_System_Administrators from All to: mssql:adventureworks2022.

We've now set the Data Sources Scope for the Sales Analysts .. we'll be back to set the others ..!!

  1. Finally .. test by logging in as:

Username: [email protected]

Password: Welcome123!

Sales_Analysts
PreviousConnect AW DatabaseNextCanvas & Collections

Last updated

Was this helpful?