url security

[jmoore]

I would like to restrict file access to certain users. I'm able to create a folder in cognos and hide that from unauthorized users. But what if I want to put say some excel files in that folder, the restricted users can see them if they find out what the url is.

I.e. I create folder ExcelFiles in cognos and restrict it from Jim, Bob and Sue. It works fine. Jim, Bob and Sue cannot see that folder when logged into cognos. However, Jim sees an email and finds out the url to one of the files, e.g. www.devcognos.com/ExcelFiles/Excel1.xls. Jim types the address in his web browser and can bring up the file.

How can I prevent this? I've tried putting restrictions on at the file level but it doesn't work. Thanks.

[larsonr]

Are these files created by Cognos or just URL's to files you have created outside of CC?

If you are able to make the rendered XLS by a report, then you can use Cognos security successfully as it then becomes report security. 

If its a matter of hiding it securely, and its not generated by CC, my recommendation would be to store the file as a BLOB in the database.  Now they can't access it without appropriate permissions to the database.  This is essentially how Cognos stores the PDF views of its reports by saving the PDF output as a BLOB in the content store.