Can someone help me out in understanding the difference between directory administrator and system administrator roles in Cognos. Is it okay to have directory administrator(Empty though)_ assigned to every cognos group. It gets assigned by default though. Is there a need to delete the permissions?
Your post belongs in an admin section, where it is far more likely to get a response. I can move it for you, but you did not say what version you are on.
Thanks for Responding. We are using Cognos V10.2.2
I moved the post for you :)
MF.
System Administrators are the Cognos "God". They have full access to everything, regardless of the security policies that are set on the objects. This is a predefined role that cannot be empty.
Directory Admins have access to manage the "directory of users". They can manage the namespaces, assign capabilities, manage user profiles, etc. This can be empty.
It's difficult to advise how to manage your security model without having intimate knowledge of your authentication provider and the groups/structure within it. As a general rule, it's better to assign groups defined within your organizations LDAP/AD to these Cognos groups and roles rather than individual users. It makes maintenance a lot easier.