External access to Report Studio 8.3 reports for suppliers

[ian.hawksey]

Hi Guys

I have been asked to investigate how our suppliers can access a pre-defined RS reports so they can run them on demand.

What are the considerations?  eg security (ie make sure they can only see their own data), output (eg PDF, where to), speed  etc.

Any suggestions, real life experiences very welcome

Cheers

Ian

[MFGF]

Hi Ian,

Do they really need to run them on demand, or is it appropriate to give them access to pre-defined saved outputs for the reports?

Security is obviously an issue - making sure they cannot see reports they should not have access to, but also you may need to consider security within a report - ie one supplier runs a report and sees their own data, while another runs the same report and sees different data.

Rendering types can be handled via each supplier's preferences - they can choose their default rendering type, and/or you could define Report Views on an underlying report to present the output rendered in different forms.

If reports are being run on-demand, you may also need to consider the impact on the underlying data source(s) if they all decide to run the same report at the same time.  Saved outputs will alleviate this, though.

Best regards,

MF.

[ian.hawksey]

Hi Mark

Thanks for the swift reply.

I think pre-defined output is not possible, due to the variety and flexibility of the data involved - too many options.

Suggestions on the following, or where I can read up, would be very useful for me:

1) How would you suggest controlling security? I guess each supplier must 'log in' to our system with their unique user name, which must be set up in our security LDAP.
2) Then (again I assume) these login credentials are used automatically to filter the appropriate data in the report?
3) Their login credentials must tie them down to one or two reports and they cannot get anywhere else.
4) Re your point about impact on underlying datasources, is it possible to control the number of 'supplier' users able to log on at any one time?

Thanks

Ian

[MFGF]

Hi Ian,

1. It would definitely make sense for each supplier to log in.  You can define appropriate user IDs for them in whatever external security provider you use - LDAP is one example, and is supported by C8.
2. Assuming the reports are based on metadata modelled in FM (as opposed to cubes modelled in Transformer), you can define Security Filters for the data in FM, based on users, groups or roles.  Just select the object you want to secure, go to the Actions menu and use the Specify Data Security option.  You can bring in each user/group/role and define a specific filter for each.  Once you have republished the package, these filters are then used automatically by the reports at runtime.
3. This is simply a matter of defining the relevant security privileges in Cognos Connection.  This works in a very similar way to defining security in the old CS7 Upfront portal - select the object you want to secure, go into its properties, onto the Security tab, and set up the permissions.  You have 5 levels of permissions you can grant - Traverse, Read, Execute, Write and Set Policy.  Traverse makes objects visible.  Read allows pre-defined report outputs to be viewed.  Execute allows existing reports to be run.  Write allows updating of properties/renaming/deleting.  Set Policy allows you to actr as an Administrator and define the security privileges.  Typically you would grand Traverse, Read and Execute privileges on folders/reports you want your users to run, and no privileges to folders/reports you do not want them to see.
4. I don't think you can easily limit the number of concurrent logins, but you can instead control the number of reports that the server can run concurrently.

Cheers!

Mark.

[ian.hawksey]

Hi Mark

Thanks for the usual very useful and detailed reply, and sorry for my late response (holidays).

My data would be coming from a cube, so does that mean I have to define security within the Transformer model instead of F/M?

Thanks

Ian

[MFGF]

Oh, yes - in that case, you will need to define security views in transformer rather than in Framework Manager, but these can now be based on users/groups/roles from your Cognos 8 security provider (ie you are no longer limited to Access Manager User Classes).  I'm sure you must be able to set up security views in Transformer in your sleep after all these years! :)

Cheers!

[ian.hawksey]

That's clear now.
Thanks again for your help Mark..

Ian