RQP-DEF-0326 User defined SQL is not permitted for the user.....!!!

[pooja]

Hi All,

We are having this error (RQP-DEF-0326 User defined SQL is not permitted ) for couple of news users in production environment. Below are the solution tips we have followed and implemented, but NO success yet.

http://www-01.ibm.com/support/docview.wss?uid=swg21342307

Resolving the problem
Steps: Change capability permission.
- From within the Cognos connection page, navigate to Cognos Administration -> Security tab -> Capabilities.
- Click on the arrow to the right of Report Studio. a drop down menu will appear.
- select Set properties. On the screen the comes up select the Permissions tab.
- Add the "user" or "users group" to the list and grant the traverse privileges.
- Click OK to commit the changes.

Allowing "user" or "user group" to run User Defined SQL:
- Still under the capabilities window under Cognos Administration -> Security tab ->
- Click on Report Studio. This will reveal the items below it.
- Click on the arrow to the right of User Defined SQL. A drop down menu will appear.
- On the screen the comes up select the Permissions tab.
- Add "user" or "user group" and grant them Read and Execute rights


Any help on this would be appreciated.



P

[MFGF]

Hi All,

We are having this error (RQP-DEF-0326 User defined SQL is not permitted ) for couple of news users in production environment. Below are the solution tips we have followed and implemented, but NO success yet.

http://www-01.ibm.com/support/docview.wss?uid=swg21342307

Resolving the problem
Steps: Change capability permission.
- From within the Cognos connection page, navigate to Cognos Administration -> Security tab -> Capabilities.
- Click on the arrow to the right of Report Studio. a drop down menu will appear.
- select Set properties. On the screen the comes up select the Permissions tab.
- Add the "user" or "users group" to the list and grant the traverse privileges.
- Click OK to commit the changes.

Allowing "user" or "user group" to run User Defined SQL:
- Still under the capabilities window under Cognos Administration -> Security tab ->
- Click on Report Studio. This will reveal the items below it.
- Click on the arrow to the right of User Defined SQL. A drop down menu will appear.
- On the screen the comes up select the Permissions tab.
- Add "user" or "user group" and grant them Read and Execute rights


Any help on this would be appreciated.



P

Hi,

I think in the first step you need to grant both Execute and Traverse privileges - not just Traverse.
In the second step you need to grant Execute and Traverse, not Read and Execute.

As an additional step, in the Admin Console (Security tab) select User Interface Profiles on the left.
Alongside 'Professional', click the drop-down and choose 'Set Properties'
Add in the user (or the user's group) and grant Execute and Traverse privileges.

Cheers!

MF.

[pooja]

Thank you MFGF,

Followed every steps/instructions. But NO success yet.



P

[MFGF]

Thank you MFGF,

Followed every steps/instructions. But NO success yet.



P

If you go to the Capabilities section of the Admin console and press the "Set properties - Capability" button in the top right corner, what permissions are defined currently on the Permissions tab?

MF.

[pooja]

Currently we have only ADMIN.

[pooja]

ADMIN with- Set Policy and Traverse.

[navissar]

Don't mean to intrude here, but here's my two cents:
You say, Pooja, that this is only two new users. In this case, you need to find out which LDAP or Cognos role they've been left out of, as compared with others. Use your company's infosec/system people if necessary. But stitching up security and capabilities in a per-user basis is always asking for trouble.

[MFGF]

ADMIN with- Set Policy and Traverse.

Ah! You need to add your user groups or users in here and grant them Traverse.

Cheers!

MF.

[pooja]

It is working now.  We added the user group to Capabilities section of the Admin console and press the "Set properties - Capability".

Thank you.



P

[MFGF]

It is working now.  We added the user group to Capabilities section of the Admin console and press the "Set properties - Capability".

Thank you.



P

Good news! Now all you need to do is to figure out how to prevent these new users from writing the world's biggest, ugliest most spectacularly bad SQL queries :)

MF.