COGNOiSe.com - The IBM Cognos Community

IBM Cognos 10 Platform => Cognos 10 BI => Framework Manager => Topic started by: cognos05 on 22 May 2015 02:53:56 PM

Title: Question on Object level security in Cognos FM
Post by: cognos05 on 22 May 2015 02:53:56 PM
Once you set security for one object, you need to set it for all objects.  what does this exactly mean.

I tried setting the object based security selecting an column from a table and giving deny access to one specific user and allow for everyone.

Now when that user logs in , he is not be able to see any of the objects in the namespace. but ideally only one object was given deny access.

For other users they are able to see that one object only and the other objects are not shown.

So If I have a requirement to hide only one object, do I need to still visit other objects and make the default settings ? or is there a one place where I can set for the rest.

Your suggestions are highly appreciated.

Thanks,
Nithya
Title: Re: Question on Object level security in Cognos FM
Post by: CognosAnalytics on 22 May 2015 02:58:45 PM
Hello nithya1224,
Once you set security for one object, you need to set it for all objects, is exactly what you are seeing in this case.
In your case you applied object level security to one column (deny for one user, allow for everyone) but did not provide any security for the other columns. As per the statement, now you have to provide "Allow" to "everyone" for all the other columns.

-Cognos810
Title: Re: Question on Object level security in Cognos FM
Post by: cognos05 on 22 May 2015 04:05:26 PM
SO , I have to go to all the tables and all the columns and set allow to everyone. Is that the way it behaves ?
Title: Re: Question on Object level security in Cognos FM
Post by: CognosAnalytics on 22 May 2015 07:11:20 PM
Yes, first step is to CTRL-Select all the query subjects and then specify "Allow" to Everyone.
Second step, deny access to that particular column for the user/group/role that you are trying to hide.

-Cognos810
Title: Re: Question on Object level security in Cognos FM
Post by: Michael75 on 23 May 2015 08:24:09 AM
@ nithya1224

In addition to all the good advice that cognos810 has just posted, take a look at a closely-related discussion here, where you will find useful info from other Cognoise luminaries:

http://www.cognoise.com/index.php/topic,25617.0.html (http://www.cognoise.com/index.php/topic,25617.0.html)
Title: Re: Question on Object level security in Cognos FM
Post by: MFGF on 26 May 2015 12:04:34 PM
Quote from: cognos810 on 22 May 2015 07:11:20 PM
Yes, first step is to CTRL-Select all the query subjects and then specify "Allow" to Everyone.
Second step, deny access to that particular column for the user/group/role that you are trying to hide.

-Cognos810

No - you don't need to do this. Object Security is inherited from higher levels in the structure if it's not explicitly defined. This means you can go to the top level namespace in the model, grant access to the Everyone group to that namespace, and this is then inherited by all objects below this that do not have explicit security defined. Doing things this way keeps the security model simple - using CTRL-Select on all the query subjects applies security independently to every single one. If you want to modify it later, it's a HUGE task to do.

MF.


Sent from my iPad using Tapatalk HD
Title: Re: Question on Object level security in Cognos FM
Post by: cognos05 on 26 May 2015 01:17:37 PM
Thank you !1 That saves more time when compared to selecting all query subjects and then setting access..
Title: Re: Question on Object level security in Cognos FM
Post by: bus_pass_man on 26 May 2015 07:31:36 PM
The Cognos-taught method for object security recommends two possible approaches.   One is lock down and allow and the other is open then deny.  Both methodologies work best if you set the object security first on the model root.  This allows the other objects in the model to inherit whatever setting you have chosen.   I tend to lean to the lock down and allow side.

I can't find a doc about it on-line.  This one touches on the matter but not fully.  http://public.dhe.ibm.com/software/dw/dm/cognos/modeling/security/security_in_framework_manager.pdf