Restricting access to Framework Manager

[Springheels]

Is it possible to restrict access to Framework Manager based on Groups and/or Roles? We have multiple projects with different groups working on each project. Framework manager is installed on the server and modelers from each group would have access to the server. Users from one group shouldn't have access to the other projects.

For example, if someone tries to open a project in Framework Manager, it should prompt for user ID and password. Depending on the group the user belongs to, it should either allow the user in or deny access.

[MFGF]

Is it possible to restrict access to Framework Manager based on Groups and/or Roles? We have multiple projects with different groups working on each project. Framework manager is installed on the server and modelers from each group would have access to the server. Users from one group shouldn't have access to the other projects.

For example, if someone tries to open a project in Framework Manager, it should prompt for user ID and password. Depending on the group the user belongs to, it should either allow the user in or deny access.

No - not as far as I am aware. Because FM is a client tool, the normal idea is that each designer would have a copy of it on their local machine and only have their own saved model files locally.

I'd suggest one approach might be to have secured folders on a shared drive on the server? Model files for a group would sit within a folder secured for that group. That way, people in a different group wouldn't be able to see the model files.

How many admin licenses do you have? It's unusual for an organisation to have more than a handful, meaning usually very few people have access to FM?

MF.

[Springheels]

Thank you for the idea. I will explore that option.

We have 4 products, with 4 different groups working on each and will be 4 different tabs on the portal. Each product has 2 FWM licenses, one for the main designer and one for backup. FWM is installed on our desktops and we publish to the server from our desktop. We also have FWM installed on the server.

We have 10.2.1 and licensing is based on FWM usage. All FWM users will have admin rights. We also have a couple of extra admin users. Is there a way I can restrict access to Framework Manager for these non-FWM, admin users? We have authentication whenever we open a project in FWM, but I don't see an option to use the credentials to restrict access to FWM.

[MFGF]

Hi,

Same answer - it's a client windows executable, so there's no way to control access to launching it from within your Cognos security setup. The answer might be to remove the option to launch it from the Start Menu on the server and add a shortcut to launch it within each secured folder on the server drive? It's not foolproof though - a savvy person without access to the secured folders could find the FM executable in the installed location using Windows Explorer and launch it manually if they were determined.

Cheers!

MF.

[Springheels]

Launching is fine, as long as they don't have access to the model files, they shouldn't be able to make any changes anyway.

I was wondering if there is a more elegant solution within Cognos - using session parameters to restrict access to publish packages or something like that.