If you are unable to create a new account, please email support@bspsoftware.com

 

News:

MetaManager - Administrative Tools for IBM Cognos
Pricing starting at $2,100
Download Now    Learn More

Main Menu

Any good documentation on how Cognos security work?

Started by Knight, 22 Nov 2011 04:09:41 PM

Previous topic - Next topic

Knight

Hi!

I have to fix some security problems on one of our Cognos servers and I can't seem to make heads or tails of how Cognos security work...

(I am familiar with how security worked in older Novell versions and in a lesser extent on Windows but this seems to be something much more arcane... I am hoping I will eventually be sent on an admin course but when and if that happens it will be too late...)

Is there something that actually described in detail how this work?

I looked at the existing entries like Authors and I can't figure out why Authors depends on itself (in the permission) and why it seems like the Authors would also be Directory Administrators which, from what I have read, would give them way too much access.

Thank you!

Nick

blom0344

google:

ibm cognos administration and security guide

MFGF

Meep!

Knight

(Sorry for the delayed reply...)

Thank you for the help...

I didn't find what I was looking for in it but thanks you nonetheless...

Nick


kirkboy

Quote from: Knight on 06 Dec 2011 06:07:48 PM
(Sorry for the delayed reply...)
Thank you for the help...
I didn't find what I was looking for in it but thanks you nonetheless...
Nick
Yes, read the guide, always read the guide... but here is an explanation to your actual question:

On the Security Tab, under 'users, Groups and Roles' when you are viewing the 'Authors' Role, the Permissions tab shows who has access to the AUTHOR role itself, ie. who can make changes to the role.  Any SYSTEM Administrator as a default has full access to this, but also Directory Administrators specifically have the 'WRITE' permission on the Authors role, identifying that group as being able to Add/Remove Members from the Authors Role.

To see what Authors can do, you need to go to 'Capabilites' and examine the permission you are wanting to know about.  For example, Authors as a default have access to the 'Report Studio' role with an 'Execute' permission, meaning Authors can Open Report Studio.

This is important to understand before making changes!  For example, if you added 'Consumers' to the 'Report Studio' role and gave them 'Execute' permission, then ALL CONSUMERS could access Report Studio.  This means you would need to own an Author License for ALL of your consumers, and will bite you on the behind if you ever get audited.