If you are unable to create a new account, please email support@bspsoftware.com

 

News:

MetaManager - Administrative Tools for IBM Cognos
Pricing starting at $2,100
Download Now    Learn More

Main Menu

Security between Cognos and Analysis Services cube

Started by Montanari, 04 Sep 2008 09:17:48 AM

Previous topic - Next topic

Montanari

Hello friends,

I have here an interesting question that, I believe, you have already faced or will face in the near future. We have a problem relating to security between Cognos 8 and a Microsoft cube (Analysis Services 2005).

Our team received a request to create a follow-up report to the sales area with the following requirements:

-- There are 5 responsible for sales and each controls its own key account.
-- Information from key accounts should be available in a single report (Report Studio).
-- Each of those responsible should receive only the information of their key account.
-- The general manager should receive the information of the 5 key account customers.

There is no news so far. The proposed solution requires the creation of groups to segregate the information.



The problem is that the source of data is a Microsoft cube. Therefore, I see 2 limiting factors in the implementation of security:

1 - The Framework Manager (Cognos 8.3) does not allow the inclusion of filters in the cube. So there is no way to associate (filter) the cube content to the user group.

2 - There are security applied to the cube Microsoft and it recognizes the groups of users (all right for now ...). Meanwhile, the datasource created the portal Cognos 8 uses a signon based on a unique user (the "Cognos 8 service credentials"). So when it fired a query against Analysis Services is now using a single user. In other words, the filtering of information will not match the context of the user logged on the portal ...

Did someone has already faced this problem?

Does someone had an idea about how to fix this problem (any workaround) ?

Thanks a lot for your help.

Best Regards

Renato Montanari

CogDT

I would have thought that you would have to do something like the following:

1) Create a set of signons for different groups of users to see
2) Set up active directory as your authentication namespace
3) Associate the groups and roles with those signons..