Text only | Text with Images

COGNOiSe.com - The IBM Cognos Community

IBM Cognos 10 Platform => Cognos 10 BI => Security => Topic started by: kc9400 on 19 Oct 2015 08:22:05 AM

Title: Cognos Portal Access
Post by: kc9400 on 19 Oct 2015 08:22:05 AM
Good afternoon all,

I'm struggling to configure the Cognos Portal security. The aim of this is to secure the Cognos portal so that anonymous users can't get into it. Disabling anonymous in the Confguration doesn't work because this also prevents the user running the report from the default action url without logging in.

All reports are accessed via a secure portal where the user clicks a link and the link is pointed to the Default Action URL of a report.

If I remove the 'Everyone' group from the System Administrators role I can no longer run the reports as I get errors regarding access to packages. I've setup a new group for users (includes everyone and anonymous) and added Traverse, Execute, and Read permissions and I've added this group to the report permssions and to the package and it still doesn't run.

I've read a fair few documents and as far as I can tell it should work.

Does anyone have any tips on how to get this working?

If you need any further information let me know and I'll do what I can to provide it.

Thanks

Title: Re: Cognos Portal Access
Post by: Northern_Monkey on 04 Nov 2015 05:06:17 AM
Seems you're in a pickle.
I always remove the 'everyone group' from the sys admin group. Do you really want everyone to be able to take down services from within cognos admin?
Do you have an LDAP provider?

I think you may need a broader security plan.

For example, I remove 'everyone' from all roles.
I then assign the users/groups from the external security namespace to a role(s). These roles are then used in conjunction with capabilities.
Examples of Roles/Group created:
Admin
Consumer
Report Developers

I then assign users to these groups.

In the short term, an option from the cognos config you want to look at is:
'Restrict access to member of the built in nampespace'.
Title: Re: Cognos Portal Access
Post by: bdbits on 06 Nov 2015 04:55:04 PM
If you've got everyone with System Administrators you are likely in gross violation of your license agreement.

You should peruse the documentation here: http://www-01.ibm.com/support/knowledgecenter/SSEP7J_10.2.2/com.ibm.swg.ba.cognos.cbi.doc/welcome.html (http://www-01.ibm.com/support/knowledgecenter/SSEP7J_10.2.2/com.ibm.swg.ba.cognos.cbi.doc/welcome.html)

Especially the Administer and Deploy > Business Intelligence Administration and Security Guide.
Title: Re: Cognos Portal Access
Post by: kc9400 on 12 Nov 2015 08:35:09 AM
Thanks for the feedback so far, I'll be investigating further.

Hopefully I'll find a suitable solution
Text only | Text with Images