Text only | Text with Images

COGNOiSe.com - The IBM Cognos Community

IBM Cognos 8 Platform => COGNOS 8 => COGNOS 8 Administration => Topic started by: buffynut25 on 08 Mar 2010 09:06:41 AM

Title: Package Security
Post by: buffynut25 on 08 Mar 2010 09:06:41 AM
Is it possible to set security on a Package such that a user can execute a report that was built from the package, but they cannot create their own reports (via Query or Report Studio) against that package. 
Title: Re: Package Security
Post by: cognosjon on 08 Mar 2010 09:48:34 AM
Just set them up as a consumer, that should do the trick.
Title: Re: Package Security
Post by: buffynut25 on 08 Mar 2010 11:35:56 AM
Yes, but I would like for them to be able to use Query Studio and Report Studio against other packages. 
Title: Re: Package Security
Post by: sKumar on 09 Mar 2010 02:09:43 AM
You can't achieve it. It's a limitation.  The user with report studio access can easily build new reports with the package, if he has read, execute permission for that package.
Title: Re: Package Security
Post by: cognosjon on 09 Mar 2010 02:17:46 AM
You could still do it but it depends on how messy you want to get with permissisons.


You could create a new role, add your user to it, then apply this role to the package and then ensure that the role only has read execute and traverse.

As long as your user is not defined within any role that has a higher level of permission against the package they will only be able to run reports.

Do any other users have permissions to write reports against this package?
Title: Re: Package Security
Post by: sKumar on 09 Mar 2010 02:49:32 AM
Sorry to mention but this can't be done, the above recommendation is invalid. Even after creating a new role with the permission to read,execute, traverse on the package, the users in the role can start creating new reports as they will be having access to report studio..




----------------------------------------------------------------------------------------------------------
You could still do it but it depends on how messy you want to get with permissisons.


You could create a new role, add your user to it, then apply this role to the package and then ensure that the role only has read execute and traverse.

As long as your user is not defined within any role that has a higher level of permission against the package they will only be able to run reports.

Do any other users have permissions to write reports against this


Title: Re: Package Security
Post by: cognosjon on 09 Mar 2010 03:25:46 AM
Apologies sKumar your right, not sure what I was thinking about, maybe a lack of caffeine, maybe in need of a holiday maybe all of them.
Title: Re: Package Security
Post by: LeightonWhite on 12 Mar 2010 09:17:07 AM
In 8.4 you can set object capabilities on a package.  This will allow you to define which tools a group of users can use against a package.  Here is the relevant IBM documentation: http://publib.boulder.ibm.com/infocenter/c8bi/v8r4m0/topic/com.ibm.swg.im.cognos.ug_cra.8.4.0.doc/ug_cra_id12320Package_Capabilities.html#Package_Capabilities (http://publib.boulder.ibm.com/infocenter/c8bi/v8r4m0/topic/com.ibm.swg.im.cognos.ug_cra.8.4.0.doc/ug_cra_id12320Package_Capabilities.html#Package_Capabilities)
Text only | Text with Images