
Securing Access Manager

Started by terry_stjean, 25 May 2007 03:06:09 PM


terry_stjean

If someone has Access Manager Admin installed on their PC, is there any way to restrict what they can do in Access Manager? For example, only maintain certain users in a group.
Also, does a user have to be part of Root User Class to be able to use Access Manager, or can they belong to any group as long as they have an account in Access Manager?

Terry

COGNOiSe administrator

They can belong to a UC different than Root UC and administer all users in that particular UC. Check documentation on the subject of delegation.

SomeClown

The way I've seen it work to get close to Sarbox compliance is to do the following:

Root Userclass
   Security Admin Userclass
        App Admin1 UC
             App 1 UCs
        App Admin 2 UC
             App 2 UCs
etc, etc,

UCs browse/delegate down (can't see all). Gave all Admin UCs rights to see all Users so that one user could be assigned to multiple apps. App Admin UCs can create their own UCs under their branch but not someone else's.

Security Admin is a dedicated security group that doesn't administer apps, only userids, etc. Not 100% SOX but close enough for many companies.

Careful on some of the settings on UC delegation permissions.  It's possible to reset an entire branch when you don't mean to.