If you are unable to create a new account, please email support@bspsoftware.com

 

News:

MetaManager - Administrative Tools for IBM Cognos
Pricing starting at $2,100
Download Now    Learn More

Main Menu

ACCESS DENIED for Public Folder (for all users)

Started by chiz, 15 Jun 2016 12:31:07 AM

Previous topic - Next topic

chiz

Hello!

I tested export and import reports on server. That was last what I do.
NOW:
All users (include admins) have 'ACCESS DENIED' for Public Folder.
Also, all users (include admins) can not run 'Cognos Administration' or something else (Report Studio etc.)

It looks like all permissions are deleted.


I had ActiveDirectory Authentication.
I tried to ON anonymous log on, but it is not help.


Please help)

Regards,
chiz

sunosoft

#1
what was content of your import export process ? was this the full content store export/import or few reports ? if few reports then  By chance do you remember if you have checked a check box "include cognos groups and roles" ? Is you authentication source same in both environment ?

I hope you will be lucky if you have content store back up in this situation.

Also check below link if applies to you.

http://www-01.ibm.com/support/docview.wss?uid=swg21677185
Thanks
SK

chiz

Quote from: sunosoft on 15 Jun 2016 02:06:33 AM
if few reports then  By chance do you remember if you have checked a check box "include cognos groups and roles" ?



Yes!! It was a few reports and maybe I checked a check box "include cognos groups and roles"

what can i do?


i have back up from the productivity server.
But this server have many other reports.

Where are reports stored?

and can I do AddSysAdminMember.sql ? For add 'Everyone' to Sys Admin?

MFGF

Quote from: chiz on 15 Jun 2016 03:09:42 AM

Yes!! It was a few reports and I checked a check box "include cognos groups and roles"

what can i do?


i have back up from the productivity server.
But this server have many other reports.

Where are reports stored?

and can I do AddSysAdminMember.sql ? For add 'Everyone' to Sys Admin?

I'd say your best bet here is to restore a backup from before you tried your import - that will give you a fully working system in one hit. Failing that, your next best option is to run AddSysAdminMember.sql to get your System Administrator capabilities restored, then re-assign the System Administrator rights to only the Admin user(s). Once you have this part sorted, you're going to have to re-setup all security from the top level of Public Folders downwards.

Good luck!

MF.
Meep!

chiz

Quote from: MFGF on 15 Jun 2016 03:23:24 AM
I'd say your best bet here is to restore a backup from before you tried your import - that will give you a fully working system in one hit. Failing that, your next best option is to run AddSysAdminMember.sql to get your System Administrator capabilities restored, then re-assign the System Administrator rights to only the Admin user(s). Once you have this part sorted, you're going to have to re-setup all security from the top level of Public Folders downwards.

Good luck!

MF.

thanks!!!
I will try this way!


Regards,
chiz

actcognosuser

Is there a way to check public folder location on content store? is it in cognos /c10 folders?

actcognosuser

This is an old post. Trying to check if the restore worked?
In the same situation where Cognos Workspace is the only available option on launch menu. Only partial content is visible in Public Folders . For other users access denied is displayed. How to restore access to report studio and other utilities when Cognos administration is not accessible.

MFGF

Quote from: actcognosuser on 06 Jan 2020 02:35:32 PM
This is an old post. Trying to check if the restore worked?
In the same situation where Cognos Workspace is the only available option on launch menu. Only partial content is visible in Public Folders . For other users access denied is displayed. How to restore access to report studio and other utilities when Cognos administration is not accessible.

Hi,

As I mentioned above, you can run AddSysAdminMember.sql if all else fails. This will install the Everyone group as a member of the System Administrators role, meaning you get access to your Admin functions again. You'll then need to add the real Admin user(s) as a member of System Administrators, and remove Everyone. Once you have got that far, you can then begin the arduous task of re-defining all your security and capabilities.

https://www.ibm.com/support/pages/how-restore-built-group-everyone-role-system-administrators

Good luck!

MF.
Meep!

actcognosuser

Thanks MFGF. Will explore this option. Currently a content store backup/restore  has been requested.
With the admin ID some of the folders in Public folders are visible but not all of them. Is there a way to check if the content is actually present on the server? to verify if it is only an access issue and not missing data issue.

MFGF

Quote from: actcognosuser on 08 Jan 2020 07:49:21 AM
Thanks MFGF. Will explore this option. Currently a content store backup/restore  has been requested.
With the admin ID some of the folders in Public folders are visible but not all of them. Is there a way to check if the content is actually present on the server? to verify if it is only an access issue and not missing data issue.

Does your Admin ID have System Administrator privileges (ie can you get into the Admin console as this user)? If not, it's likely just security getting in the way, and you'll hopefully see the missing folders once you restore the System Administrator privileges. Alternatively if it does, then it points to the content not being there, as members of the System Administrators role can see and do everything.

Good luck!

MF.
Meep!

actcognosuser

No the Admin ID does not have access to the Admin console, but is able to view partial content in Public Folders. Other user Id's have access denied to Public folders content.

Just thinking of alternatives if nothing works. Audit  is not configured. Is there another way to verify folder content on Content Store DB tables. Tried to query a few tables with no luck CMOBJPROPS25, CMOBJPROPS01. I assume it needs to be in a specific format to be readable. Most fields have nulls.

MFGF

Quote from: actcognosuser on 08 Jan 2020 01:40:33 PM
No the Admin ID does not have access to the Admin console, but is able to view partial content in Public Folders. Other user Id's have access denied to Public folders content.

Just thinking of alternatives if nothing works. Audit  is not configured. Is there another way to verify folder content on Content Store DB tables. Tried to query a few tables with no luck CMOBJPROPS25, CMOBJPROPS01. I assume it needs to be in a specific format to be readable. Most fields have nulls.

I'm just wondering how this issue came about? Has anyone changed the configuration of your authentication namespace in Cognos Configuration? Changing the name, for example, would mean all your users would appear differently, and you would therefore lose all your defined security.

If it's not reversible, then using AddSysAdminMember.sql is the way to go. It doesn't take long to do, and it would answer your question about whether the content is all still there.

Cheers!

MF.
Meep!

actcognosuser



We are not sure if anything changed. The last action on this environment was testing/validating  data sources. When you say changing the name, what namespace are you referring to? Sorry for the novice questions. Still a newbie to Administration.

After running this AddSysAdminMember.sql , does it required any setting to be to be changed on Cognos Configuration? Version is 10.2.
Per the KB document , restarting the server is the next action needed. I am also curious if stopping and starting the services will suffice versus server .


Thank You!


MFGF

Quote from: actcognosuser on 08 Jan 2020 03:09:05 PM

We are not sure if anything changed. The last action on this environment was testing/validating  data sources. When you say changing the name, what namespace are you referring to? Sorry for the novice questions. Still a newbie to Administration.

I'm referring to Cognos Configuration > Local Configuration > Security > Authentication > <your provider> and all the settings within this.

Quote from: actcognosuser on 08 Jan 2020 03:09:05 PM
After running this AddSysAdminMember.sql , does it required any setting to be to be changed on Cognos Configuration? Version is 10.2.
Per the KB document , restarting the server is the next action needed. I am also curious if stopping and starting the services will suffice versus server .


Thank You!

This is entirely separate from Cognos Configuration. When it says to restart the server, it really means stop and start the Cognos service :)

Cheers!

MF.
Meep!

actcognosuser


actcognosuser

Thanks for all your help MFGF. Backup DB  worked and access has been restored.