Hi
I need advice on Cognos security measures. We have several published packages, each associated with a distinct business entity. According to business rules, users assigned to a specific publish package should only be able to work within that assigned package. However, a challenge arises when users create a report using their designated publish package, as they can write direct update queries in the SQL query area, potentially allowing them to modify data in the database. This poses a significant risk of data breach. What security or permission configurations can I implement to prevent users from writing update queries and modifying the database directly?
Quote from: jimpixel on 18 Dec 2023 09:46:03 PMHi
I need advice on Cognos security measures. We have several published packages, each associated with a distinct business entity. According to business rules, users assigned to a specific publish package should only be able to work within that assigned package. However, a challenge arises when users create a report using their designated publish package, as they can write direct update queries in the SQL query area, potentially allowing them to modify data in the database. This poses a significant risk of data breach. What security or permission configurations can I implement to prevent users from writing update queries and modifying the database directly?
Hi,
I don't believe update/insert/delete is syntax allowed within the SQL object of a Cognos report. I just attempted it against one of the sample databases to be sure, and see a message saying "...'update GOSALES.XGOREV set GO_OBJ_NAME = 'ALL' where GOREV_ID = 5020' is not a valid subquery or table reference."
I think the only way to update a database from within a report is to call a stored procedure. It is the stored procedure that would making the update, so if no such procedure is available, there is no mechanism to update.
Cheers!
MF.