Roles and Groups

[TEL]

Hello everyone,

I'm starting implementing security and wondered if anyone could provide a little differentiation and definition around the function of Groups and Role in the C8 security model.

My understanding is that Groups are used to collect users together but can't be used to apply security restrictions unless attached to Roles. Users and/or Groups can be attached to roles....is this correct or am I on the wrong track completely? I reviewed the training manual and Groups and Roles always seem to be mentioned together.
I guess if the above is correct it is possible to have a security model which doesn’t user Groups at all.
Any comments greatly appreciated.
Thanks in advance
Tel

[JGirl]

Roles exist in the Cognos namespace and are generally used to control access to Cognos functionality and capabilities (ie. studios, administration permissions etc) and are almost a direct mapping to license roles (eg. Consumers, Query Users, System Administrators)

Groups are generally brought in from other namespaces (eg. LDAP Finance, HR etc) are generally used to secure content such as packages, reports, report views etc.

If you have only a small number of users (30ish), there is no reason you couldnt map LDAP users directly to Cognos roles and almost do away with the need for groups (except the 'Everyone' and 'All Authenticated Users' groups in the Cognos namespace), however in larger implementations, security is much easier to manage when you use groups.

Hope this helps.
J

[TEL]

Thnx J,

That's a very helpful definition.

KR

Tel