mickgibson
IS-IT--Management
Hi,
We are creating a Framework Manager model that we wish to apply row level security to - which Cognos refers to as 'Data Security'.
But I'm looking for some advice for how to deal with 2 specific difficulties we have identified.
1. The instructions for setting up Data Security state that all applicable users need to be placed within individual groups, and that filters are applied to these groups. My concern is that if a user is mistakenly given access to this package, but is not placed within one of these groups, then no filters are applied, and they have unrestricted access to the data. Can anyone recommend a method of dealing with this risk? Is there a way we can ensure people can see nothing unless they are placed in a group, rather than everything?
2. The Data security is applied to individual Query Subjects, so if a query is created from any of the other Query Subjects, then the filter is not applied - until something is selected from that Query Subject. Can the data Security be applied to the whole package to ensure the filters are applied regardless of what Query Subject they select? If not, is the only option to place these filters on all Query Subjects? How would you suggest we handle this?
Your help is much appreciated.
Regards
Mick
We are creating a Framework Manager model that we wish to apply row level security to - which Cognos refers to as 'Data Security'.
But I'm looking for some advice for how to deal with 2 specific difficulties we have identified.
1. The instructions for setting up Data Security state that all applicable users need to be placed within individual groups, and that filters are applied to these groups. My concern is that if a user is mistakenly given access to this package, but is not placed within one of these groups, then no filters are applied, and they have unrestricted access to the data. Can anyone recommend a method of dealing with this risk? Is there a way we can ensure people can see nothing unless they are placed in a group, rather than everything?
2. The Data security is applied to individual Query Subjects, so if a query is created from any of the other Query Subjects, then the filter is not applied - until something is selected from that Query Subject. Can the data Security be applied to the whole package to ensure the filters are applied regardless of what Query Subject they select? If not, is the only option to place these filters on all Query Subjects? How would you suggest we handle this?
Your help is much appreciated.
Regards
Mick
