If you are unable to create a new account, please email support@bspsoftware.com

 

News:

MetaManager - Administrative Tools for IBM Cognos
Pricing starting at $2,100
Download Now    Learn More

Main Menu

Permissions issue

Started by sandeeppenmetsa246, 02 Apr 2012 02:00:58 AM

Previous topic - Next topic

sandeeppenmetsa246

Hello One and All,

    For a particular user say 'X', I want to deny Report Studio. For that I am going to IBM Cognos Administration --> Security --> Capabilities. In the list of Capabilities, I found Report Studio. For that, I am going to set properties --> Permissions tab. Here I am adding a user named 'X' and gave deny for all(i.e. Read, Write, Execute, Set Policy and Traverse) and saved it. Later on if I login as 'X' and try to launch report studio, I am able to create a report and save it even though the access is denied. May I know why is this happening. Thanx in advance.

cognoslearner1

Hi,

Please remove "every one" group. Because of that your able to access.

sandeeppenmetsa246

Thanks for the reply. If I try to delete the group, I am getting a message saying 'The object "/Directory/Cognos/Everyone" cannot be deleted.'

MFGF

Yikes!  No!! Don't try to delete the Everyone group!! Simply go into the properties of the Report Studio capability and remove the permissions of the Everyone group from this capability. You will need to make sure that all other users/groups who require access to Report Studio are added and granted permissions or else you run the risk of other users losing their access to Report Studio too.

Regards,

MF.
Meep!

cognoslearner1

Hey thanks for your reply its working.

monica

HI Friends,

I have tried to delete "Everyone " but its not getting deleted but even i have tried to deny access to report
studio  to some users by going to report studio capablities and denying access from there....But still the denied user is able to access report studio...Please some one suggest and any alternate approach.

MFGF

You should not attempt to delete the Everyone group. Simply remove the permissions of the Everyone group in the Report Studio capability.  You should also check the other groups/roles which have permissions too - see who belongs to each group/role. It's possible that the Everyone group belongs to one of these other groups/roles, which have permissions granted.

MF.
Meep!

surendra.e

Hi,

Please try to remove the users from report studio capabilities and test it once.
make sure that everyone group is not available in the report studio capabilities.

Thanks,
surendra

monica

Hi All ,

I have tried everything. I will just tell the steps please correct me where i have gone wrong.

Firstly, I logged in as admin and created a new user (Authentication used NTLM).
next....

1) cognos administration > security > capablities > report studio > set properties
   from here i have removed every one group also and once tried denying permissions.
2) logged out and again logged in as newly created user  still
  the user can access Report studio..Whats wrong in this ?
   

MFGF

There may be other groups or roles which have permissions granted in the Report Studio capability. It is possible that your user (or one of the groups or roles you user belongs to) is a member of one of these groups or roles. You need to make a note of each group or role with permissions granted in the Report Studio capability, then go to the Cognos namespace and look at each of these groups and roles to see who is defined as a member. My guess is that the everyone group belongs to one of these other groups or roles.

MF.
Meep!

simon.hodgkiss

#10
Quote from: monica on 13 Apr 2012 03:59:30 AM
...
1) cognos administration > security > capablities > report studio > set properties
   from here i have removed every one group also and once tried denying permissions.
 


Important: I would strongly recommend to never deny permissions for the "Everyone" group on any secured functions or features within capabilities, unless you fully understand the impllications.

Remember that a "deny" will always override a "grant".  Then think about the set of users who are encompassed by the "Everyone" group... As All Authenticated Users are typically members of the "Everyone" group, then you are denying RS to everyone.  Including Authors, Administrators and any user who should genuinely have the RS capability.

Regarding your issue (as MFGF has previously noted) - if the test user can still use Report Studio, and the everyone group has been removed from the RS capability, then perhaps the everyone group is also a member of the "Authors" role in the cognos namespace (which I suspect will also have RS capability).  Try removing "Everyone" from membership of the "Authors" role in the directory > Users, Groups and Roles.  Let us know how you get on!  :)

All the best,

Simon

monica

Thanks everybody...I got it.  :) :) :D