If you are unable to create a new account, please email support@bspsoftware.com

 

News:

MetaManager - Administrative Tools for IBM Cognos
Pricing starting at $2,100
Download Now    Learn More

Main Menu

Built in 'Everyone' group and licensing

Started by mdvriese, 27 Jan 2023 08:14:51 AM

Previous topic - Next topic

mdvriese

Hi,

During an audit's the question came if:
- anonymous is disabled
- everyone is disabled

I know anonymous should be disabled via config, and we also check 'only allow members of the built in namespace'.
I realize you can also disable (uncheck via portal administration) the built-in everyone group.
But I've never seen (nor can find back now) any recommendation to do that!
I know you have to remove everyone from built in Cognos groups/roles; but nowhere is suggested to disable everyone.
(and Everyone can exceptionally be used to easily grant 'all authenticated users' to something, if you would need to.)

Not sure to what extent this matters If we set only 'allow members of the built in namespace'. Don't think it does..
We manage all our users in AD groups and map those through to Cognos groups.

Is anyone disabling Everyone, and/or have more info in what circumstances this should be done?

MFGF

Quote from: mdvriese on 27 Jan 2023 08:14:51 AM
Hi,

During an audit's the question came if:
- anonymous is disabled
- everyone is disabled

I know anonymous should be disabled via config, and we also check 'only allow members of the built in namespace'.
I realize you can also disable (uncheck via portal administration) the built-in everyone group.
But I've never seen (nor can find back now) any recommendation to do that!
I know you have to remove everyone from built in Cognos groups/roles; but nowhere is suggested to disable everyone.
(and Everyone can exceptionally be used to easily grant 'all authenticated users' to something, if you would need to.)

Not sure to what extent this matters If we set only 'allow members of the built in namespace'. Don't think it does..
We manage all our users in AD groups and map those through to Cognos groups.

Is anyone disabling Everyone, and/or have more info in what circumstances this should be done?

I have never heard of a requirement to disable the Everyone group. I'd be concerned that if you do this, it might lock out everyone who doesn't have System Admin privileges. I have always advocated that you should work through all your roles and remove the Everyone group from being a member of each role - and replace with just the required groups. Leave the Everyone group intact, though.

Cheers!

MF.
Meep!

sdf

Yes, it's a bit concerning if you are disabling the 'Everyone' group. This means you need particular groups/roles for each objects you have. Imagine  if you have a public content/object, instead of just using 'Everyone' you then need to add several specific groups to assign permissions.




sdef