Uploaded image for project: 'Pentaho Data Integration - Kettle'
  1. Pentaho Data Integration - Kettle
  2. PDI-6774

As an ETL-Administrator, I want to set some security restrictions by a security level

    Details

    • Type: New Feature
    • Status: Open
    • Severity: Medium
    • Resolution: Unresolved
    • Affects Version/s: 4.2.0 GA (4.0.0 GA Suite Release)
    • Fix Version/s: Backlog
    • Component/s: API
    • Labels:
    • Notice:
      When an issue is open, the "Fix Version/s" field conveys a target, not necessarily a commitment. When an issue is closed, the "Fix Version/s" field conveys the version that the issue was fixed in.
    • PM Ranking:
      Medium

      Description

      It is easy to call any API methods within PDI with the scripting steps and it is also easy to add new plugins. With both methods existing passwords can be "un-obfuscated" or decrypted even with more advanced password encryptions.

      We may need a mechanism to set a security level to avoid calling APIs or disable the use of some scripting steps.

      Workaround: Have a white list of steps. That is actually already possible with defining another kettle-steps.xml or kettle-job-entries.xml.

      Another use case could be reading and writing from/to the server based file-system what should be disabled by an option as well.
      Further use cases can be found in the linked cases.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                jbleuel Jens Bleuel
              • Votes:
                1 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated: