I work for a centralized system office that supports 14 discrete entities – 13 colleges and the System Office. We have 14 namespaces defined and users select their namespace before they log in. This is baseline Cognos functionality. In our current set-up, we limit users to seeing only their own college's data based on the namespace that they are logging in from.
We are moving to a new consolidated Active Directory structure, where users will be assigned a "home" institution – and will have a notation in the AltSecurityID in Active Directory that lists additional colleges that they are also associated with – and therefore are allowed to see data for that college. Our dilemma is how to limit users to only see one college's data at a time. Our preference would be to force a user select a single college either after they log in and set a session context that reflects that value – but we're not quite sure how to accomplish that.
Is there a way to create a page that anyone with a value in the AltSecurityID would be required to respond to – and have them select the college they wanted to see for that session?
Row-level security. You can define filters based on user properties in Active Directory (home institution or AltSecurityID) that appear in Cognos as session parameters. Include this in the Framework Manager model.
Rather than forcing them to specify a single college at logon, have you considered prompting for college? If you use a value prompt populated by a query, you can limit the available values based on the row-level security filter. This may also enable them to run a report for multiple colleges at once if they have a need to do so.