Having trouble restricting access to folders/reports in Cognos 8 1

[ksolutions]

I am having a difficult time restricting access to folders/reports in Cognos Connection (I am using Cognos 8 MR2). I am trying to use our Active Directory to do so. Here is a list of the steps I took to attempt to restrict access:

1) In Cognos Configuration, I made sure in Security -> Authentication that 'Restrict Access to members of the built-in namespace' was set to true.

2) In Security -> Authentication -> Cognos, I made sure that 'Allow anonymous access?' was set to False.

3) Saved, stopped and restarted the service.

4) In Cognos Connection, under Tools -> Directory -> Cognos, I added a permissions role for 'Senior Executive' and did not override permissions acquired from the parent entry.

5) Added specific members from the Active Directory to the 'Senior Executive' role.

6) Created a folder & a test report that I wanted to restrict Senior Executives from. I checked 'override the access permissions acquired from the parent entry,' and I set the permissions for that folder to deny all for senior executives only. All other roles were left as-is. The group "Everyone" is not in the list of roles.

7) Logged into one of the 'Senior Executive' accounts to test whether I was indeed restricted -- the test failed, and I can see the folder that I was not intended to see, and the report that is in that folder.

Any ideas?

 

[misscognos]

you said:


6) Created a folder & a test report that I wanted to restrict Senior Executives from. I checked 'override the access permissions acquired from the parent entry,' and I set the permissions for that folder to deny all for senior executives only. All other roles were left as-is. The group "Everyone" is not in the list of roles.


Is everyone still in system administrators? Go to tools->directores->cognos-> set properties for system administrators and look at the members. see if everyone is a system administrator. If so, then everyone who logs in has unrestricted access to everything.

 

[ksolutions]

Thanks for the suggestion Misscognos! I checked, and the system administrators role didn't have everyone in it. After that I finally heard back from Cognos support, who sent me a document with instructions on how to hide folders and packages in Cognos Connection. I'll post the "light" version of the instructions here. Full version can be found by searching keywords [prevent from seeing restrict bar prohibit cloak] on the support site.

1) Make a backup of, and then edit <install directory>/templates/ps/portal/system.xml

2) Find the line that begins with <param name>="visible"

3) Following that, there is a list of permissions. Remove permissions from this line as needed (for example, <param name="visible">[permission("read")]</param>

4) Save and restart cognos service.

5) All folders/packages are hidden unless a user has read rights to a folder.

Hope this helps anyone, it was tough to find this on their site and all over the web.