Author Topic: Cognos 8.4 - Role base security & Doc  (Read 30828 times)

Offline dbamgr

  • Full Member
  • ***
  • Join Date: Jan 2010
  • Posts: 9
  • Forum Citizenship: +0/-0
Cognos 8.4 - Role base security & Doc
« on: 18 Jun 2010 10:27:06 am »
Hi All,

I would appreciate if someone can walk me through the steps in setting up user security in Cognos 8.4. It is just confusing? I have set Anonymous = False in Cognos Configuration and remove Everyone in from all the Cognos default groups. Now I need to assign the proper security and roles to the users. Is it better to set up security based on AD groups or Cognos groups? What is the difference and meaning between permission and capabilities?

I would like to set up user groups by department, eg. Sales, Analytics, Finance and each department can only run their own reports. In each department, most users can only run reports but a few can create their own reports. Eventually I would also like to implement data security in reports, depending on their access, users can only see specific information in the reports.

Cognos 8.4 Default Roles do not fit in this picture. Because then each user can see other department report also.  Since I need security based on Departement, so may be create seperate User groups for different departments (Sales Report Author, Sales Modeler, Finance Report Auther, etc). This will make applying data/object/package security easy.
Any input is much appreciated if some one provide me the detail Cognos8.4 security documentation how to do that and remove all the default role properly.
Thanks in advance

Offline MFGF

  • Never knowingly correct
  • Super Moderator
  • Statesman
  • ******
  • Join Date: Jul 2005
  • Posts: 10,230
  • Forum Citizenship: +620/-10
  • Cognos Software Muppet
Re: Cognos 8.4 - Role base security & Doc
« Reply #1 on: 18 Jun 2010 11:07:34 am »
Hi,

I'd suggest here that you use groups for your different departments, and roles for the capabilities of the users within each department.

Assuming you have departmental folders in Cognos Connection, you can then begin to set security on these for the groups.

If a group is granted no permissions to the folder, then it is completely invisible to members of the group.
If you want a group's members to be able to view existing saved report outputs, you should grant Traverse and Read permissions to the group.
If you want a group's members to be able to view and run existing reports, grant Traverse, Read and Execute permissions to the group.
If you want a group's members to be able to view, run, add and delete reports and/or change the properties of reports, grant Traverse, Read, Execute and Write permissions to the group.

You can then begin to think about the capabilities of each user.  This is where the default Cognos roles come into play.
If a user should have access to Query Studio, add the user as a member of the Query Users role.
If a user should have access to Analysis Studio, add the user as a member of the Analysis Users role.
If a user should have access to Report Studio, add the user as a member of the Authors role.

These roles have already been set up to have the relevant capabilities for Query Studio, Analysis Studio etc.  If you want to use your own roles instead, then you will need to go to the Capabilities page of the Admin console and apply the relevant capability to each new role.

Hope that helps!

MF.
Meep!

Offline Bill Hastings

  • Full Member
  • ***
  • Join Date: May 2009
  • Posts: 14
  • Forum Citizenship: +1/-0
Re: Cognos 8.4 - Role base security & Doc
« Reply #2 on: 18 Jun 2010 11:34:45 am »
One of the things that we found most confusing was the lack of consistency between the license definitions that Cognos sells and the predefined roles that come with the Cognos 8 installation (we are working in 8.3, but I would be surprised if 8.4 is any different). So we went through the process of reviewing each predefined role to see what each had access to and cross-referenced that information with the access rights of each of the published licenses that Cognos sells. We then created user groups that matched the Cognos licenses (e.g. Consumers, Professionals, Administrators, etc.) and added each of the "license" groups to the predefined roles that they would need for access to Cognos 8. Then each user account we created was linked to a license group, which in turn gave them appropriate access to the tools.

The next step as was recommended is to create a 2nd set of user groups that are department or responsibility based which you use to control access to the various folders, reports, analyses, etc.

I just wanted to mention the first paragraph as an alternative approach. One advantage to the above is that it also makes it easier to control your license numbers. If you have purchased 20 consumer licenses and you look at the consumer group and see 19 users assigned, you are within your agreement with Cognos, but will want to purchase additional licenses if you need to expand. We put the number of licenses purchased in brackets in the group description. For example, I created a user group called "Consumers (20)", which tells me I have 20 consumer licenses available.

If you are interested in the approach, I have an excel spreadsheet that shows the relationship that we created between the "license" groups and the predefined roles that I could send to you.

Note that you can also create folders to keep your user groups organized. Create one folder called "License Groups" and another folder called "Departments".

Offline jrgchip

  • Associate
  • **
  • Join Date: Oct 2010
  • Posts: 4
  • Forum Citizenship: +0/-0
Re: Cognos 8.4 - Role base security & Doc
« Reply #3 on: 19 Oct 2010 06:15:46 pm »
whastings:  I would love to see your spreadsheet.  We are dealing with the same issues now and I'm frustrated that we have no clear doc about correlations between licenses and capabilities.

Offline SunilAwasthi

  • Associate
  • **
  • Join Date: Jun 2009
  • Posts: 1
  • Forum Citizenship: +0/-0
Re: Cognos 8.4 - Role base security & Doc
« Reply #4 on: 08 Feb 2011 12:35:55 pm »
whastings I would be great help if you could post the security spreadsheet which you created.

Offline jeffowentn

  • Cognos Planning Developer and Cognos Sys Admin
  • Statesman
  • ******
  • Join Date: Jan 2009
  • Posts: 263
  • Forum Citizenship: +5/-0
  • IBM Certified Solution Designer/Expert
Re: Cognos 8.4 - Role base security & Doc
« Reply #5 on: 07 Nov 2011 04:19:21 pm »
whastings - would you mind sending me the Excel spreadsheet, as well?  Thank you.

Offline Enricoqqq

  • Associate
  • **
  • Join Date: Nov 2011
  • Posts: 3
  • Forum Citizenship: +0/-0
Re: Cognos 8.4 - Role base security & Doc
« Reply #6 on: 22 Nov 2011 10:51:59 am »
Can I receive the file as well?

Thansk a lot

Offline gdulli

  • Associate
  • **
  • Join Date: Nov 2012
  • Posts: 4
  • Forum Citizenship: +0/-0
Re: Cognos 8.4 - Role base security & Doc
« Reply #7 on: 27 Nov 2012 07:06:12 am »
Can I receive the file as well?

Thansk a lot :)

Offline sravs

  • Full Member
  • ***
  • Join Date: Nov 2011
  • Posts: 10
  • Forum Citizenship: +0/-0
Re: Cognos 8.4 - Role base security & Doc
« Reply #8 on: 31 May 2013 04:02:15 pm »
Can you please send me the spreedsheet. I'm having the same issue

Thanks a lot!!!

Offline MFGF

  • Never knowingly correct
  • Super Moderator
  • Statesman
  • ******
  • Join Date: Jul 2005
  • Posts: 10,230
  • Forum Citizenship: +620/-10
  • Cognos Software Muppet
Re: Cognos 8.4 - Role base security & Doc
« Reply #9 on: 03 Jun 2013 08:05:50 am »
Well, guys, whastings hasn't been logged into the forum since April 2012. I would doubt your requests to him on here will be responded to.

Cheers!

MF.
Meep!

 


       
Twittear