Authorization according to data

[Chau-BSDSolution]

Hi everyone!

I have data of the 7 member companies in database Warehouse and I want authorization according to data.
Member companies will see the company's data and Corporations will see all data of 7 companies.
I can not imagine how to do and where decentralization. How to make ????

Thanks all

[bdbits]

You will need a way to determine a common data element that can identify a data item in your warehouse with data you have about the user. For example, a company identifier might be a common dimension in the warehouse and a user's company be determined by group membership in Cognos or an authentication data source. Then you can build security filters in your query subjects, either in the query subject's filters tab, or selecting the query subject in Framework Manager and Actions > Specify Data Security... from the menus.

For a real-world example from my current employer, we use active directory for authentication and authorization. So I created a set of filters that check if a particular attribute appearing in each of the fact table query subjects matches a particular value. Using the Data Security dialog on the fact query subject, I choose an AD group and the relevant security filter. When a user accesses the fact table, Cognos will see from the metadata that security filters are present, find any matching group the user belongs to in AD, and apply the filter.

This is not the only way to do it, of course, but hopefully this makes some sense to you and gives you a starting point. The key is tying the user to some relevant attribute found in the items they will query. From there it is a matter of mapping between the two pieces of information.

[Chau-BSDSolution]

Hi bdbits

In addition to this the separation of powers we have any other way, because we have to 7 companies and other affiliates. When such authorization is not inconvenient. We have so many users.

Thanks all.

[bdbits]

I suppose you could create separate Cognos packages, one for each company with query subjects specific to that company, and one addtional package that has everything. Then you could use Cognos permissions (ACLs) to determine who has access to which packages through Cognos Connection. ACLs can contain individual users, or groups to which the users belong (groups are recommended). Obviously someone would have to add users to groups in whatever namespace you put the groups. You are going to have some setup and maintenance regardless of how those users/groups are used to enforce security.

Hope that helps.