Hi Gurus!
We have AD groups which we imported in Cognos to implement Cognos Security.
Scenario is like : There are three Active Directory Groups ADG1, ADG2 and ADG3.
They are made members of Cognos Groups : CADG1, CADG2 and CADG3.
Three Folders according to diff departments: FADG1,FADG2, FADG3.
I need to implement security where users who are part of ADG1, becomes part of CADG1 and hence can
Access FADG1..and like wise.
if they are member of more than one AD group (ADG1 and ADG2) they will be part of both CADG1 and CADG2
and could see both FADG1 and FADG2.
I have assigned Each CADGs Traverse on their respective FADGs and Read, execute and Traverse on Reports
and Packages which belong to that department.
Have defined One Consumers role for them of which all of them are members. and Added that role to
Report Studio,Query Studio,Analysis Studio Capabilites with (Read, execute and Traverse) permission.
Issue: When trying to Implement above scenario I do not see expected outcome. Some users can see more
than one folders that they were supposed to see, because they were part of more than one ADG group.
That would still be fine but some of they do not see the stuff they were supposed to see. Some do not
see folders, some do not see reports, some see reports but can not execute them.
My question is I can understand if they see more stuff that what they were supposed to see. But why are
they denied permission on the stuff. Because as part of Best Practices Implementing security Policy we
have not denied any thing to any one. Just granted access per required. so where in this implementation
Cognos decides to deny permission to users?
Any Inputs/Suggestions Welcome,
We have AD groups which we imported in Cognos to implement Cognos Security.
Scenario is like : There are three Active Directory Groups ADG1, ADG2 and ADG3.
They are made members of Cognos Groups : CADG1, CADG2 and CADG3.
Three Folders according to diff departments: FADG1,FADG2, FADG3.
I need to implement security where users who are part of ADG1, becomes part of CADG1 and hence can
Access FADG1..and like wise.
if they are member of more than one AD group (ADG1 and ADG2) they will be part of both CADG1 and CADG2
and could see both FADG1 and FADG2.
I have assigned Each CADGs Traverse on their respective FADGs and Read, execute and Traverse on Reports
and Packages which belong to that department.
Have defined One Consumers role for them of which all of them are members. and Added that role to
Report Studio,Query Studio,Analysis Studio Capabilites with (Read, execute and Traverse) permission.
Issue: When trying to Implement above scenario I do not see expected outcome. Some users can see more
than one folders that they were supposed to see, because they were part of more than one ADG group.
That would still be fine but some of they do not see the stuff they were supposed to see. Some do not
see folders, some do not see reports, some see reports but can not execute them.
My question is I can understand if they see more stuff that what they were supposed to see. But why are
they denied permission on the stuff. Because as part of Best Practices Implementing security Policy we
have not denied any thing to any one. Just granted access per required. so where in this implementation
Cognos decides to deny permission to users?
Any Inputs/Suggestions Welcome,