Authentication   and   Security     
          Who are you?  






Larger organisations typically have enterprise-wide security and authentication mechanisms already in place, and if a candidate BI suite can’t interface appropriately, then it’s a “show-stopper”. However, Pentaho provides all the authentication and security options available in OBIEE, so it’s highly likely that you can reuse whatever authentication mechanisms are currently in place.



Basic Authentication


Pentaho Default Security allows:


*  Users and roles that are defined in the User Console (equivalent to OBIEE A&D) to be used for authentication (similar to the RPD functionality that was available in 10g, but which was removed in 11g).



Advanced Authentication


Pentaho Advanced Security allows:


*  Users and roles predefined in an external security provider application, LDAP or Microsoft Active Directory, to be used for authentication.


*  Users and roles to be defined in an external relational database table.


*  Users to be authenticated using LDAP but a relational table to be used to define roles.


*  Single Sign-on to be used for authentication, either a Central Authentication Service (CAS) or Integrated Windows Authentication (IWA).





By default, the Pentaho User Console (hosted, like A&D, within a web browser) and the Pentaho BA Server (equivalent to the OBIEE Presentation Server & BI Server) communicate using the HTTP protocol. However, if required, the HTTPS protocol (SSL) can be used instead to encrypt the communications link.



CERN Large Hadron Collider


Pentaho has been used at CERN, home of the world’s largest particle physics laboratory, to implement a complex set of access requirements to personnel, financial, and operational data for over 15,000 users; see:


*  CERN Use Case