COGNOiSe.com - The IBM Cognos Community

IBM Cognos 8 Platform => COGNOS 8 => COGNOS 8 Administration => Topic started by: Juggernaut on 27 Jan 2009 04:19:46 PM

Title: Minimum Consumer Security for Report
Post by: Juggernaut on 27 Jan 2009 04:19:46 PM
Background:
Cognos 8.3, using Active Directory for 3rd party namespace, small user base (2 admins, 10 report authors, 20 report consumers)

We are about to roll out Cognos 8 to our users (pending my setup and blessing :-). I have been playing with security and capabilities using AD and the Cognos namespace, and I think I have decided to use the Cognos namespace as little as possible. I planned on having 3 AD groups (Admin, Authors, Consumers) and making those groups members of Cognos namespace roles System Administrator, Authors, and Consumers. Then for the directory structure, use strictly AD groups and blow away the default Cognos settings. I have been experimenting and everything seems to be working as I planned.

Issue:
If I create a report off of a package that only has Author security, and try to access the report with only Consumer access, it errors out because Consumer doesn't have access to the package. Giving the Consumers access to the package understandably fixes the problem. Does that mean that if I have a report that is for the general public, they have to have security rights to the package? I know that really wouldn't be a big deal, since a Consumer wouldn't have access to any studios, but what about an Author I want to have a report but not access the package?

Also, it seems to be easier to secure a package using the directory/parent directory security instead of publishing it with security from Framework Manager. Would you fine people agree or disagree with that?

I am completely open to better ideas than my attempt at this.

Thanks in advance.
Title: Re: Minimum Consumer Security for Report
Post by: Juggernaut on 27 Jan 2009 04:56:22 PM
I think maybe I was missing something. If I save a view of the report, or the output of the report, to a public place, then the public could view it. I think I have to think of Report Readers as separate from Report Consumers.