Object Level Security in Framework

[raj_aries81]

Hi All,

I have a scenario where I need to display one column for set of users and hide it for another group. Can I accomplish this using object level security. I don't have LDAP configured on my local system, hence unable to test this scenario.

I found a workaround for this using CSVIdentityNameList. However, I think it would be more appropriate to use object level security if there is any such feature in Cognos

Thank you all for your inputs.


Regards
Raj

[Francis aka khayman]

yes you can use object level security in framework manager

[raj_aries81]

Thanks Khayman..is the report going to run for the user that I have denied the access to a column

[Francis aka khayman]

if the user have an existing report wherein he was subsequently denied access to one of the items, cognos will throw an error when the user run the report.

Thanks Khayman..is the report going to run for the user that I have denied the access to a column

[raj_aries81]

Thanks Khayman..I want to see this in the report output for business users not for the report developers or power users

[MFGF]

Thanks Khayman..I want to see this in the report output for business users not for the report developers or power users

If you want the report to be able to run for all users (whether they have access to the column or not) then you're not going to be able to use the standard object security. This prevents a report from running if a user does not have access to all the items within it.

A good approach to achieve what you desire is obfuscation. You can create calculated query subject items that either return the original column value or return xxxxxxxxx (for example) based on the user/group/role, and include these in the package (hiding the original items).

Cheers!

MF.

[raj_aries81]

Thanks MFGF, I will use CSVIdentityNameList function to identify the groups/users based on the user who is running the report and populate the data based on it, I was curious to know if there is anything that we can leverage using Object Security.

Could you please let me know if there is any security that can be implemented on a saved output run by a super user.

Regards
Raj

[MFGF]

Thanks MFGF, I will use CSVIdentityNameList function to identify the groups/users based on the user who is running the report and populate the data based on it, I was curious to know if there is anything that we can leverage using Object Security.

Could you please let me know if there is any security that can be implemented on a saved output run by a super user.

Regards
Raj

A super user? What does that mean? Someone with System Admin privileges? If so, there's not a lot you can do - System Administrators can see and do everything, regardless of security.

For other users, it sounds like you're describing report bursting - having a report run and deliver multiple saved outputs intended for different users/groups/roles?

Cheers!

MF.

[raj_aries81]

A super user? What does that mean? Someone with System Admin privileges? If so, there's not a lot you can do - System Administrators can see and do everything, regardless of security.

For other users, it sounds like you're describing report bursting - having a report run and deliver multiple saved outputs intended for different users/groups/roles?

Cheers!

MF.

Thanks MFGF. What I meant is once the report output is saved to the content store, can we have an obfuscate the report output. I guess NO, but just want to confirm if that can be done.

Also, can we leverage CMOBJPROPS33 table to hide and show the column instead of obfuscation. I am trying to figure out Group column from the Audit Package but could not find it.

Thanks & Regards
Raj

[MFGF]

Thanks MFGF. What I meant is once the report output is saved to the content store, can we have an obfuscate the report output. I guess NO, but just want to confirm if that can be done.

Once the output is generated it's static - all users are doing is viewing it. This is where bursting comes in - the report runs and generates a set of saved outputs - one for each user/group/role etc included in the burst specification.

Also, can we leverage CMOBJPROPS33 table to hide and show the column instead of obfuscation. I am trying to figure out Group column from the Audit Package but could not find it.

It's not something I have ever attempted, sorry.

MF.