ACCESS DENIED for Public Folder (for all users)

[chiz]

Hello!

I tested export and import reports on server. That was last what I do.
NOW:
All users (include admins) have 'ACCESS DENIED' for Public Folder.
Also, all users (include admins) can not run 'Cognos Administration' or something else (Report Studio etc.)

It looks like all permissions are deleted.


I had ActiveDirectory Authentication.
I tried to ON anonymous log on, but it is not help.


Please help)

Regards,
chiz

[sunosoft]

what was content of your import export process ? was this the full content store export/import or few reports ? if few reports then  By chance do you remember if you have checked a check box "include cognos groups and roles" ? Is you authentication source same in both environment ?

I hope you will be lucky if you have content store back up in this situation.

Also check below link if applies to you.

http://www-01.ibm.com/support/docview.wss?uid=swg21677185

[chiz]

if few reports then  By chance do you remember if you have checked a check box "include cognos groups and roles" ?

Yes!! It was a few reports and maybe I checked a check box "include cognos groups and roles"

what can i do?


i have back up from the productivity server.
But this server have many other reports.

Where are reports stored?

and can I do AddSysAdminMember.sql ? For add 'Everyone' to Sys Admin?

[MFGF]

Yes!! It was a few reports and I checked a check box "include cognos groups and roles"

what can i do?


i have back up from the productivity server.
But this server have many other reports.

Where are reports stored?

and can I do AddSysAdminMember.sql ? For add 'Everyone' to Sys Admin?

I'd say your best bet here is to restore a backup from before you tried your import - that will give you a fully working system in one hit. Failing that, your next best option is to run AddSysAdminMember.sql to get your System Administrator capabilities restored, then re-assign the System Administrator rights to only the Admin user(s). Once you have this part sorted, you're going to have to re-setup all security from the top level of Public Folders downwards.

Good luck!

MF.

[chiz]

I'd say your best bet here is to restore a backup from before you tried your import - that will give you a fully working system in one hit. Failing that, your next best option is to run AddSysAdminMember.sql to get your System Administrator capabilities restored, then re-assign the System Administrator rights to only the Admin user(s). Once you have this part sorted, you're going to have to re-setup all security from the top level of Public Folders downwards.

Good luck!

MF.

thanks!!!
I will try this way!


Regards,
chiz

[actcognosuser]

Is there a way to check public folder location on content store? is it in cognos /c10 folders?

[actcognosuser]

This is an old post. Trying to check if the restore worked?
In the same situation where Cognos Workspace is the only available option on launch menu. Only partial content is visible in Public Folders . For other users access denied is displayed. How to restore access to report studio and other utilities when Cognos administration is not accessible.

[MFGF]

This is an old post. Trying to check if the restore worked?
In the same situation where Cognos Workspace is the only available option on launch menu. Only partial content is visible in Public Folders . For other users access denied is displayed. How to restore access to report studio and other utilities when Cognos administration is not accessible.

Hi,

As I mentioned above, you can run AddSysAdminMember.sql if all else fails. This will install the Everyone group as a member of the System Administrators role, meaning you get access to your Admin functions again. You'll then need to add the real Admin user(s) as a member of System Administrators, and remove Everyone. Once you have got that far, you can then begin the arduous task of re-defining all your security and capabilities.

https://www.ibm.com/support/pages/how-restore-built-group-everyone-role-system-administrators

Good luck!

MF.

[actcognosuser]

Thanks MFGF. Will explore this option. Currently a content store backup/restore  has been requested.
With the admin ID some of the folders in Public folders are visible but not all of them. Is there a way to check if the content is actually present on the server? to verify if it is only an access issue and not missing data issue.

[MFGF]

Thanks MFGF. Will explore this option. Currently a content store backup/restore  has been requested.
With the admin ID some of the folders in Public folders are visible but not all of them. Is there a way to check if the content is actually present on the server? to verify if it is only an access issue and not missing data issue.

Does your Admin ID have System Administrator privileges (ie can you get into the Admin console as this user)? If not, it's likely just security getting in the way, and you'll hopefully see the missing folders once you restore the System Administrator privileges. Alternatively if it does, then it points to the content not being there, as members of the System Administrators role can see and do everything.

Good luck!

MF.

[actcognosuser]

No the Admin ID does not have access to the Admin console, but is able to view partial content in Public Folders. Other user Id's have access denied to Public folders content.

Just thinking of alternatives if nothing works. Audit  is not configured. Is there another way to verify folder content on Content Store DB tables. Tried to query a few tables with no luck CMOBJPROPS25, CMOBJPROPS01. I assume it needs to be in a specific format to be readable. Most fields have nulls.

[MFGF]

No the Admin ID does not have access to the Admin console, but is able to view partial content in Public Folders. Other user Id's have access denied to Public folders content.

Just thinking of alternatives if nothing works. Audit  is not configured. Is there another way to verify folder content on Content Store DB tables. Tried to query a few tables with no luck CMOBJPROPS25, CMOBJPROPS01. I assume it needs to be in a specific format to be readable. Most fields have nulls.

I'm just wondering how this issue came about? Has anyone changed the configuration of your authentication namespace in Cognos Configuration? Changing the name, for example, would mean all your users would appear differently, and you would therefore lose all your defined security.

If it's not reversible, then using AddSysAdminMember.sql is the way to go. It doesn't take long to do, and it would answer your question about whether the content is all still there.

Cheers!

MF.

[actcognosuser]

We are not sure if anything changed. The last action on this environment was testing/validating  data sources. When you say changing the name, what namespace are you referring to? Sorry for the novice questions. Still a newbie to Administration.

After running this AddSysAdminMember.sql , does it required any setting to be to be changed on Cognos Configuration? Version is 10.2.
Per the KB document , restarting the server is the next action needed. I am also curious if stopping and starting the services will suffice versus server .


Thank You!

[MFGF]

We are not sure if anything changed. The last action on this environment was testing/validating  data sources. When you say changing the name, what namespace are you referring to? Sorry for the novice questions. Still a newbie to Administration.

I'm referring to Cognos Configuration > Local Configuration > Security > Authentication > <your provider> and all the settings within this.

After running this AddSysAdminMember.sql , does it required any setting to be to be changed on Cognos Configuration? Version is 10.2.
Per the KB document , restarting the server is the next action needed. I am also curious if stopping and starting the services will suffice versus server .


Thank You!

This is entirely separate from Cognos Configuration. When it says to restart the server, it really means stop and start the Cognos service :)

Cheers!

MF.

[actcognosuser]

Thank You so much!

[actcognosuser]

Thanks for all your help MFGF. Backup DB  worked and access has been restored.