Ok, I created a CAP similar to the JDBCSample, but when I add a role from the namespace to a cognos group say the System Administrators and log in as a user in that role I do not have the correct permissions. Now if I add the individual user from the namespace to the cognos group it appropriately assigns the permissions. Under the security directory if I click on more next to the role and goto members it does list my test user account.