Need information regarding cognos tools security

[madhancog]

HI Gurus,
   I have created NTLM aunthentication in my machine.
   I have created the user and used that in cognos via NTLM.
   Now my requirement is the user should only see Query studio and report studio when they open the cognos connection.
  And they also should see some specified packages,so let me know what all the powers it shold have to achive the following will i need to give system admin permision for this?

Thanks in advance,
K.M

[MFGF]

Hi,

No - the user will not need to be granted system administrator privileges for any of this.  To allow the user access to Query Studio, you need to log in as an Administrator and go to the Admin console.  Go to the Security tab and select Capabilities on the left.  Go into the properties of the Query Studio capability and add your user (or one of the roles or groups the user belongs to), granting them at least Traverse and Execute privileges.  Then do the same for the Report Studio capability to grant the user access to Report Studio.

To allow the user to see/use package folders, go back to Cognos Connection and go into the properties of the relevant folder. On the Permissions tab, add your user (or a group or role the user belongs to) and grant Traverse, Read and Execute privileges.

Regards,

MF.

[madhancog]

Thanks for your information.
I logged in as admin and doing the same but my capabilities window are fixed and i am not able to edit any thing.
will i need to do anything extra,I am attaching my screens.

Thanks & Regards,
K.M

[MFGF]

Go to the next page of capabilities (so you can see the Query Studio capability) and use the down-arrow next to it to edit the capability's properties.  You should then be able to add you user/group/role as desired.

Regards,

MF.

[madhancog]

Thanks for ur kind reply...I have successfully created the security....

I have one more doubt will i can use windows XP as operating system to do the same..

Thanks
K.M

[MFGF]

I used to run a demo system on a laptop with XP Professional.  It obviously wasn't up to the job of supporting a live server environment, but it was ok for single-user demo purposes.

Regards,

MF.

[madhancog]

XP operating system is used only for standalone and i am not able to Use NTLM aunthentication.

I need to know what Roles the following users should have.(Directory admin,Report admin,server admin,system admin)

Types of user
1.Admin - who need have all access and do all admin task.
2.Report developer - who need to have access to FM,Reportstudio,Querstudio.
3.Analyst - who need to have access to Analysis studio,Query studio.
4.End user - who will need to have access to reports in the portal.

Thanks & Regards,
K.M

[MFGF]

1. Admin.  The user would need to be a member of the System Administrator role in the Cognos namespace. Usually the Admin role is the one who develops models in FM too.
2. Report Developer. The user would need to have capabilities to use Report Studio, Query Studio, would need access to use the relevant published reporting packages and would need traverse, read, execute and write access to the relevant folders to create the reports in.  If you wanted this user to have full FM capabilities too, you would also need to add them to the Directory Admin role so they could create data sources.
3. Analyst. The user would need to have capabilites to use Analysis Studio, Query Studio, and would need access to use the relevant published reporting packages and would need traverse, read, execute and write access to the relevant folders to create the reports in.  Maybe not write access if you don't want them to be able to save into the public areas.
4. End user. The user would need traverse, read and execute privileges to the relevant folders and reports to be able to run them interactively, or traverse and read privileges to be able to view pre-rendered report outputs only.

There are predefined roles for most of these in the Cognos namespace...

Regards,

MF.

[madhancog]

Then what is the use of server admin,report admin,where exactly we will be using it?

Thanks,
K.M

[MFGF]

They are subsets of the System Administrator role (along with Directory Admin).  You would only use these if you wanted to devolve some but not all admin responsibilities to others.

Regards,

MF.