Security in Framework Manager

[cognos_users]

Hi,

Is there any way to hide a query subject in Query Studio to a group of users but still give them ability to run the reports built in Report Studio containing the query items of that query subject?

We have a query subject which do not want it to be available to Users. But, the query subject should be visible to report authors to build reports using those query items and the Users(to whom the QS is hidden in QueryStudio) should be able to run the report without any security issue.

I tried setting up object level security to the QS and made it available only to report authors, but that will hinder the users from accessing the reports which contain the items from that QS.

Thanks.

[rlp]

I like to hide the original data item and create a wrapper item with code like this:

if ('Sensitive Role' in (#CSVIdentityNameList()#))
then ([Hidden Data Item])
else ('***')

Hope this helps.

[bpeterson]

How did you set up the security? Did you allow execute permissions for all other users?

[rlp]

We do not use Object Security, so yes we allow access to all users (actually groups of users).

I've never clearly understood how that differs from assigning permissions to files and/or folders using Cognos Connection.

[francois]

If you just want to hide the all of the package data to "user" in query studio then see the following, if i didn't understood ....then sorry

Make a specific package,
set the permission on the package
for the users role/group (execute, traverse)
for the authors role/group (read, execute, traverse).

users accessing query studio will be denied browsing. But are able to run reports based on the package (get final result).
Authors will have both rights.

In my knowledge there's no way to hide a data from query studio if at the same time you want the user to be able to see a report using it....or you generate a view, but in this case everybody can see. Data object security won't be good, security functions can only be used for instance to replace value by zero if user is not part of the group xxx... any other way to use it leads to crash the report while user try to run it.

Anyway..i'm interesting in your solution if you're finding one since i'm facing the same requirement and the same problem  ;)

[tabell2001]

I have a similar situation.  I have a package that is made of three namespaces.  Two are public and accessible to all.  One namespace is against a data-source that I want to control.  I want to allow both consumers and developers to run a report but I don't want developers to be able to create reports against that secured namespace.

To do this, I use Object security on the three namespaces.  The object security gives all of my consumers/developers access to the first two namespaces but i 'deny' the developer class access to the third namespace.

Normally this would disallow any developers from running the report.  I get around this by creating a super-user.  Login as the super-user and go to the 'My Preferences' drop down and then go to the Personal Tab.  Here you can 'create credentials' and then assign groups/roles that can use those credentials.  I allowed the consumer and developer class to use my super-user credentials.

Make sure that  the super-user has set policy permission to the folder where the reports reside.  Login with the super-user and click on the set properties icon for each report.  On the General tab take ownership of the report by clicking on the 'Make me the owner' link.  Next go to the Report tab and click on the 'Run as owner' check box.  Then say OK.

Now your user can run a report against the secured namespace, but if they try to open the report in any of the studios, the report will not validate and will throw errors.

Hope that helps.