Securing Package Access for Users with Varied Roles

[jimpixel]

I've recently been tasked with enhancing the security model in Cognos, and one of the initial issues I uncovered is the vulnerability of the Cognos frontend web portal, where users proficient in SQL queries can utilize the SQL writer. I've mitigated this by implementing access denial for a specific user group in the Report Studio, user-defined SQL. However, I now face a challenge where a user has access to two different model packages. In one package, they possess user role rights, while in the second package, they have developer rights. How can I prevent the user from writing SQL queries in Package #1 while allowing them to do so in Package #2?

[cognostechie]

The permission is at the package level too. Go to the properties of the package, click capabilities and then you can assign/not assign/deny the permission for User defined SQL

[jimpixel]

click capabilities and then you can assign/not assign/deny the permission for User defined SQL

Thanks for the suggestions.
i've attempted what you suggested but when I click on capabilities it take me to a capabilities page but currently on the page is shows "Everyone".
it doesn't provide me with options to add a new group and role for me to deny access.

[cognostechie]

There is a checkbox at the top left of the page which says 'Override the capabilities acquired from the parent entry with:'. Check that on and then you will see options to 'Add' a group/role/user.

If you still don't see that then you may not have permissions to do this.

You cannot view this attachment.