Securing Cognos Connection Public Folders

[nfldbunker]

HI

OUr cognos connection will have consumers of information and also report authors who can build reports in report studio,query studio and analysis studio etc. I want to secure the puoblic folders so that all the content that is currently there is runnable but no one  can s save new reports to the public folder but to the my folders. I want to implement a process of where  reports go through some type validation process before being roled out to public folders. This enables some sort of content control over the use of reports in pf which may not of been totally validated.

regards

bunker

[cognostechie]

Preventing people from saving Reports to Public Folders is pretty easy..just deny the Write  and Set Policy access.

That being said, it is not as easy as that because you have to determine a folder structure that will work for your scenario before you do this. You have to determine the whole process first before you set out to deny privileges.

[Suraj]

Develop reports in DEV environment where authors can save/modify public folders.
Then migrate the reports to PROD environment where no one (except admins) has write access to public folders.

If you have only one environment, then deny write to 'Public Folders' except one 'Test' folder where authors can save. Then administrators who have write access can copy to 'Public Folders' after validation.

[T4FF]

I want to secure the puoblic folders so that all the content that is currently there is runnable but no one  can s save new reports to the public folder but to the my folders. I want to implement a process of where  reports go through some type validation process before being roled out to public folders. This enables some sort of content control over the use of reports in pf which may not of been totally validated.

To do that, you remove write to the public folders properties (properties icon top right when in public folders).  As permissions are inherited, you will then have to "Override the access permissions acquired from the parent entry" on any subfolder you want them to be able to write to.

Generally speaking, my folders isn't best practice for development of reports.  A seperate environment is best as Suraj suggests, but if this is not possible, create a folder in public folders specifically for development of reports.  My folders is inaccessible by other users (what if someone was off and a report was required?) and is also lost when a users profile is removed.  There are ways around it but it isn't a practice you should encourage.