Package Security - From Framework Manager or Parent Directory?

[Juggernaut]

Since FM package security is not editable after it is published, wouldn't be advisable to just use the inherited security from the parent directory? Is there an advantage to FM package security if you are using well designed directory security? Does inherited directory security protect a package as well as FM package security?

(The security on our Cognos directory will use the Cognos namespace at a minimum and use Active Directory groups like we would for our physical files and folders.)

I am new at this, so if I don't make any sense, please let me know. I welcome all comments.

[cognosjon]

Hi, depends greatly as to what level of security you are after, for instance I'm currently working on a project whereby I'm applying security at a data level within Framework using groups that are managed from Active Directory.

I always like to try and apply security to packages within the Framework as well, just seems to keep everything tidier.
Do I take it from your post that once published your not allowed to go back and republish the framework?

[Juggernaut]

We can republish the package, but you cannot change the security after the initial publish with security.

Say I gave AD group "Group Finance" access to a particular package, then at some point in the future, someone outside of Finance needs access to it. It's either I have to add someone who isn't in the Finance department to "Group Finance", or delete the package and rerepublish, which would not be advisable.

I could see creating an AD group for per package, but that seems like a lot of work. Especially since it takes for ever to get that done around here.