If you are unable to create a new account, please email support@bspsoftware.com

 

Securing Package Access for Users with Varied Roles

Started by jimpixel, 15 Jan 2024 05:36:30 AM

Previous topic - Next topic

jimpixel

I've recently been tasked with enhancing the security model in Cognos, and one of the initial issues I uncovered is the vulnerability of the Cognos frontend web portal, where users proficient in SQL queries can utilize the SQL writer. I've mitigated this by implementing access denial for a specific user group in the Report Studio, user-defined SQL. However, I now face a challenge where a user has access to two different model packages. In one package, they possess user role rights, while in the second package, they have developer rights. How can I prevent the user from writing SQL queries in Package #1 while allowing them to do so in Package #2?

cognostechie

The permission is at the package level too. Go to the properties of the package, click capabilities and then you can assign/not assign/deny the permission for User defined SQL

jimpixel

Quote from: cognostechie on 15 Jan 2024 03:57:41 PMclick capabilities and then you can assign/not assign/deny the permission for User defined SQL
Thanks for the suggestions.
i've attempted what you suggested but when I click on capabilities it take me to a capabilities page but currently on the page is shows "Everyone".
it doesn't provide me with options to add a new group and role for me to deny access.

cognostechie

There is a checkbox at the top left of the page which says 'Override the capabilities acquired from the parent entry with:'. Check that on and then you will see options to 'Add' a group/role/user.

If you still don't see that then you may not have permissions to do this.

You cannot view this attachment.