[Closed] Object Security in FM Manager

[bdybldr]

Hi,

I set object level security on cost related fields (Cost of Sales, Unit Cost, Margin, etc) in the Sales query subject for users in the Sales Forecast user class and allowed access to the "Everyone" user class.

I developed a sales report that includes the Cost of Sales field and all user classes should have access to this report.Ã,  The Sales Forecast user class members should also be able to access the report (minus the Cost of Sales field).Ã,  But, when a user in the Sales Forecast group tries to run the report, the following error is displayed:

QE-DEF-0355 Expression [MNAV Data Mart].[Sales].[Cost of Sales] refers to object [MNAV Data Mart].[Sales].[Cost of Sales] which is not accessible for the user.

Please help.Ã,  I need to resolve this asap.Ã,  Thanks.

[MFGF]

Hi bdybldr,

Object security is relevant to objects at design-time of a report, not at runtime.  In other words, members of the Sales Forecast user class will not be able to see the Cost of Sales field visible in the package when they create or amend reports in a studio.  However, they will be unable to run any reports that already contain the Cost of Sales field.

My advice would be to use a variable in your report to conditionally hide or show the Cost of Sales column dependent on the user class of the user - use the #CSVIdentityNameList()# macro function to get hold of the groups/roles a user belongs to in your variable expression.

Best regards,

MF.

[bdybldr]

Thanks MFGF.  This report was working for about 8 months with object security on cost of sales.  Something recently happened that caused it not to work but I can't figure out what it is.

My Cognos Admin says a development issue; I say it's an Access Manager issue by virtue of the fact that it worked for a long time until just recently.  I made no security changes to the report or the model.

I have created an alternate report that conditionally displays but the Sales Forcast users will be able to access that field in QS if I remove security on the query item.

Thanks again.

[bdybldr]

I contacted Cognos support about this issue and they said that the reports should not have worked prior to upgrading to MR3 and that this was a security glitch.  He felt that a patch was applied in the MR3 build to "fix" this issue but no definite conclusion was made.  I guess I'll have to create a seperate version of this report for the restricted user class.  Thanks again for your comments, MFGF.