Control admin access

[nagoole]

Hi All,

In our cognos 102.1 env we have more than 100 application some application open to everyone some others having security.
we have requirement like one set of user coming with LDAP and they want to see all application in our env without administration console

Cognos 102.1 env distributed
Sun one LDAP
 

[bdbits]

I assume "having security" means folder permissions. Assuming you want to maintain security for everyone else, you will need to create a group for these users and add them to the permissions for each of your folders. There is no magic that will let you override security for a particular group of users, other than the admin role (which is not exactly cheap per user).

[nagoole]

We have more than 80 packages are applied security is it possible can we grant access to see all application without go one by one packages

Actual requirement is new group should able to see all packages like (system admin ) without write and set policy, also they do not cognos administration  in cognos connection

[Andrew Weiss]

Nagoole,

MetaManager's Security Painter does exactly this.  You can select a group of packages (or any object) and then choose to Append a new group or user to the existing security.  Using this option the existing security on the objects will remain in tact and the new group will simply be added to the permissions.

There is a 3 minute video on the tool located here:
http://www.bspsoftware.com/Products/MetaManager/Secure/

[Yunus]

Nagoole,

It sounds like you already apply security to the applications based on LDAP groups.  While Andrew provides a great solution that is flexible and scalable (MetaManager Security Painter) you may also be able to accomplish this by adding a new group within the LDAP and adding that group to the existing application groups in your LDAP.  I would caution you however that you lose some auditability when doing this as it can be difficult to see through groups of groups in some LDAPs.