Filter Based on Current User's Group Membership

[jwm68]

Greetings!

I am trying to apply (or not apply) a filter on a ReportNet report's query based on the Active Directory (CRN authentication source) or Cognos group membership of the currently logged-in user.

Does anyone have experience with this?  Is there a user object available I can access through JavaScript, similar to the preProcessControlArray?  I am sure there are several additional objects available to me -- I am just using preProcessControlArray as an example, since I have used that for form validation on prompt pages in the past.

I guess I would also like to know the sequence of operations as CRN tries to run the query(ies) and load the report data, since I will need to apply some logic to whether or not a certain filter is applied to one (or both) of the queries on the report.

Any assistance would be immensely appreciated.

Thanks.

Joe

[davidsoc]

You should look into security filters within Framework Manager. This does exactly what you want from the first section of your question.

I'm not sure about your second question...

[jwm68]

David:

Thanks for the reponse.  The query items in question are used by other reports as well, so I can't really filter them in Framework Manager, but I suppose I can add another version of those data elements to the logical model, filtered by the security group, with a different name.

I will give it a try.

I guess a follow-up question would be -- can I base that filter on a group in Active Directory, or can I base a ReportNet Security Group directly on one in Active Directory, so as soon as I make a change to the group in AD, it is propagated through automatically, without having to mess with or compile the ReportNet group or its membership?

Thx again.

[davidsoc]

We have not implemented AD security yet but I think we will try to do as much of the user maintenance within AD instead of using custom Cognos groups.

I think our idea at the minute is to use AD groups to populate the standard Cognos Namespace groups and roles for assigning capabilities etc. and then use AD groups directly for our security filters, folder access, package access etc.

Sorry I can't be of much help!  :-[

[jwm68]

That's OK.

Actually, I was just thinking this through, and I still need to figure out who the current user is when running the report, even if I move the filter from the report to the model.  Because I need to load in a different set of data to the report based on whether or not someone is a member of a particular AD security group.

We are implementing a solution through SharePoint, so I could very easily just have two reports and load in a different report based on AD group membership, which is a breeze to get in SharePoint...but we were hoping to accomplish it with just one report.

Thanks for your responses, though.

[davidsoc]

just out of interest... how are using sharepoint and CRN together?

[jwm68]

.NET and ReportNet SDK/Web Services

[davidsoc]

Delivery content to sharepoint through custom webparts? Are you by-passing Cognos Connection all together?

[jwm68]

We are not bypassing Cognos Connection for our current client, but we have done so in the past.

The current question stems from a small "app" in SharePoint for just one package in ReportNet...custom web parts include a custom tree view that populates with all the reports in the package and a report viewer that displays the report with a custom header toolbar.

The client was mothballing a legacy application, so we designed and populated a BI-optimized warehouse (Oracle) with the data, added a model for it in Framework Manager, wrote a series of reports, and enabled report selection and viewing through SharePoint.

www [dot] theportalgroup [dot] biz