Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

How Cognos Decides on Granting/denying Access to Users

Status
Not open for further replies.

biworld

MIS
Jul 17, 2012
1
US
Hi Gurus!

We have AD groups which we imported in Cognos to implement Cognos Security.

Scenario is like : There are three Active Directory Groups ADG1, ADG2 and ADG3.

They are made members of Cognos Groups : CADG1, CADG2 and CADG3.

Three Folders according to diff departments: FADG1,FADG2, FADG3.

I need to implement security where users who are part of ADG1, becomes part of CADG1 and hence can

Access FADG1..and like wise.

if they are member of more than one AD group (ADG1 and ADG2) they will be part of both CADG1 and CADG2

and could see both FADG1 and FADG2.



I have assigned Each CADGs Traverse on their respective FADGs and Read, execute and Traverse on Reports

and Packages which belong to that department.

Have defined One Consumers role for them of which all of them are members. and Added that role to

Report Studio,Query Studio,Analysis Studio Capabilites with (Read, execute and Traverse) permission.

Issue: When trying to Implement above scenario I do not see expected outcome. Some users can see more

than one folders that they were supposed to see, because they were part of more than one ADG group.
That would still be fine but some of they do not see the stuff they were supposed to see. Some do not

see folders, some do not see reports, some see reports but can not execute them.

My question is I can understand if they see more stuff that what they were supposed to see. But why are

they denied permission on the stuff. Because as part of Best Practices Implementing security Policy we

have not denied any thing to any one. Just granted access per required. so where in this implementation
Cognos decides to deny permission to users?

Any Inputs/Suggestions Welcome,

 
2 hints: Capabilities / Refresh credentials

Did you check the capabilities settings for the user groups? Always instruct users to refresh their credentials after changing security settings..

Ties Blom

 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top