Hello everyone,
I have a situation where we have AD groups already defined for Capabilities and Data access, where those groups are added into relevant Cognos groups etc, so a classic matrix based security model. Currently with this model users can login to Dev, Test and Prod.
We have just been asked to separate out those users who can access Dev, Test and Prod environments. Does anyone have any thoughts about what would be best practice to achieve this using the matrix approach?
Thanks
John
I thought about this some more overnight and decided I would try having an additional set of AD groups setup that I would then use to determine access to Cognos Connection on Dev, Test and Prod and then let the matrix take over. So almost like a gate - if you get through it then you get the normal security applied.
Anyone have any thoughts about how this might (or might not) work?
Thanks
JV