If you are unable to create a new account, please email support@bspsoftware.com

 

News:

MetaManager - Administrative Tools for IBM Cognos
Pricing starting at $2,100
Download Now    Learn More

Main Menu

Framework Manager Data Security

Started by kristofferj, 22 May 2015 01:41:41 AM

Previous topic - Next topic

kristofferj

Hi,

I have set data security filter for a Customer-dimension, this seems to work fine in that those customers can only see their own data when running reports. However this has also affected other users in that they cannot see anything that has to do with the Customer-dimension. As I understand, if a user is NOT listed in this security filter they can see everything in the dimension. As long as they have the correct privileges in Cognos Connection.
The security in Cognos Connection is setup properly and everything worked fine before I applied the security in FM. Anyone experienced this before?

Kind regards,
Kristoffer

Update:
As a temporary solution I can add a user/group with something like "Customer is not missing", then that user/group can see all customers but not missing values.
Also with my account I can see all the data but another user can not even though we are both AdminĀ“s in Cognos Connection.

cognos810

Hello kristofferj,
"As I understand, if a user is NOT listed in this security filter they can see everything in the dimension." is not correct. Once you have setup a security filter, a user HAS TO be in that security-group to see the data. This also explains why one of the other Admins is not able to see anything while you are. Looks like you are a member of that group which is used to secure the customer-dimension and the other person is not.

Can you please provide a little more explanation on how the customer groups are defined and the expression that filters the data. I am guessing you have customer groups or roles defined by the same name and then are using #CSVIdentityNameList()# to filter the rows with IN comparison. Is that correct?

-Cognos810

kristofferj

#2
Hi,

Thanks for your reply, I have attached an example of how the filter is setup to make it more clear of what I am trying to do.
http://imgur.com/kQIekwH
According to this document (Cognos 8 ), ftp://public.dhe.ibm.com/software/dw/dm/cognos/modeling/security/security_in_framework_manager.pdf, it says "If a user or group is not listed in
the security filter then that user or group has unrestricted access to that query
subject.". I have not found the equivalent for Cognos 10 but I assume this still applies.

The second filter is the temporary solution. For example my account (Admin) is not part of the "Cognos 100" group, and neither are my colleague but if I only use that filter, I can see the data but he cannot (also Admin). Therefore I use the temporary solution, but I would like to manage without that.

Kind regards,
Kristoffer