Any good documentation on how Cognos security work?

[Knight]

Hi!

I have to fix some security problems on one of our Cognos servers and I can't seem to make heads or tails of how Cognos security work...

(I am familiar with how security worked in older Novell versions and in a lesser extent on Windows but this seems to be something much more arcane... I am hoping I will eventually be sent on an admin course but when and if that happens it will be too late...)

Is there something that actually described in detail how this work?

I looked at the existing entries like Authors and I can't figure out why Authors depends on itself (in the permission) and why it seems like the Authors would also be Directory Administrators which, from what I have read, would give them way too much access.

Thank you!

Nick

[blom0344]

google:

ibm cognos administration and security guide

[MFGF]

Here is the link :)

http://publib.boulder.ibm.com/infocenter/c8bi/v8r4m0/index.jsp?topic=/com.ibm.swg.im.cognos.ug_cra.8.4.1.doc/ug_cra.html

[Knight]

(Sorry for the delayed reply...)

Thank you for the help...

I didn't find what I was looking for in it but thanks you nonetheless...

Nick

[venkys4u_]

check out this dude.. I hope this will help

http://download.boulder.ibm.com/ibmdl/pub/software/dw/dm/cognos/security/design/securing_cognos_8_environment.pdf
 


Gud luck
venky

[kirkboy]

(Sorry for the delayed reply...)
Thank you for the help...
I didn't find what I was looking for in it but thanks you nonetheless...
Nick

Yes, read the guide, always read the guide... but here is an explanation to your actual question:

On the Security Tab, under 'users, Groups and Roles' when you are viewing the 'Authors' Role, the Permissions tab shows who has access to the AUTHOR role itself, ie. who can make changes to the role.  Any SYSTEM Administrator as a default has full access to this, but also Directory Administrators specifically have the 'WRITE' permission on the Authors role, identifying that group as being able to Add/Remove Members from the Authors Role.

To see what Authors can do, you need to go to 'Capabilites' and examine the permission you are wanting to know about.  For example, Authors as a default have access to the 'Report Studio' role with an 'Execute' permission, meaning Authors can Open Report Studio.

This is important to understand before making changes!  For example, if you added 'Consumers' to the 'Report Studio' role and gave them 'Execute' permission, then ALL CONSUMERS could access Report Studio.  This means you would need to own an Author License for ALL of your consumers, and will bite you on the behind if you ever get audited.