Hi all,
I am completely new and lost in administration of users and permissions (somebody else usually used to take care of it).
So, I've used a book "IBM Cognos offical guide" to try to understand how to do that, and try to follow the step for a user in a group (using LDAP).
But nothing works -> I mean, the user is still having all the rights, this user can see everything and use every part of Cognos.
Is there any "real" tutorial about this subject ?
What sort of detail should I give to make it easier to help me ?
Thanks.
Have you removed the everyone group from all of the roles in Cognos Admin?
have you make the setting false in cognos configuration for anonymous login ?
Quote from: vamcchowdary on 26 Jun 2009 12:34:51 PM
have you make the setting false in cognos configuration for anonymous login ?
i would say this is your first bet.
Can you see if Consumer is present in the Permissions of Public Folders
Hi,
Yes, Consumer is in Public Folder's permissions.
It is hard to debug without knowing about the kind of permissions you have.
I have setup permissions where in a Consumer can log in to Cognos but wont see any content in Public Folder unless they are members of other Functional groups that i created.
In doing this i noticed that i had to add Consumers to the permissions of Distribution Lists and Contacts with Traverse rights
You might want to check what are the roles/groups under Distribution Lists and Contacts and make your test user a member of one of those groups
Hello Sunchaser,
I had this exact same problem, and this is what I had to do. I hope this helps.
Anyone not in a Cognos group namespace will not have access to the Cognos Portal. If the user / groups are in (groups you set-up ex. MyCompany) group namespace, access is denied. This is because a parameter in Cognos Configuration under Security / Authentication / will need to be set to ‘FALSE’, which restricts access to members not in the Cognos group namespace (You will need to create a group here).
Under the Cognos namespace in the 'Groups', ‘Everyone’ must be taken out of each 'Group', then access can be given to specific users/groups. All users and groups have access to the Public Folder which includes any reports available associated with their sign-on (this is why 'Everyone' must be removed from the groups).
However, at this level, permissions can be set on the Public Folder tab or individual folders/reports to allow, restrict viewing or editing the layout, deletion, creation, or scheduling of reports.
To allow the user to view specific reports, access must be set individually at the report level in the Public Folder by the Administrator. To allow users to view Reports, but not create Reports, give Execute and Traverse rights ONLY. This will ensure the integrity of reports created by the Report Author (the person responsible for creating reports).
These securities are set in Cognos Administrator / Capabilities / (select the appropriate Studio [Query, Report, Event, etc.]), add the group or individual who will have access and set the permissions (Execute / Traverse).
If the user has a Role, such as Report Administrator, he must be a member in this group in order to create reports. Under Capabilities / Administrator, add this group/user to the list, but deny all access. Reports can still be created, however, the user will not be able to see or access ‘Administer Cognos Content’.
Hope this helps!
tb