Thursday 5 April 2012

USER PERMISSIONS IN COGNOS 10


Im Cognos Roles and Group are parent for all permissions.Read,Write,execute,set policy,Traverse
After that comes public folder after that folders and packages.At each level you can overide
permission from parent
Roles have override access permissions.Who are parent for a roles??
I dont know.I think system administrator is parent for all.
In properties of a folder there are 3 options.General,Permissions,Capabilities
consumer has traverse access can only see general tab
Question is with traverse option why you can open report studio.Though traverse
ppl can see report studio they cannot execute is.The option for executing does not come it.Now
how to hide report studio for those
users — can it be done through capability
what is execute permission .What impact does it have— You can open report
studio but you cant create report.I think you can only execute reports.Now main
idea is to hide even the report studio option for those ppl
Grant allow external data property is not set in capabilities.Need to enable this.
When you publish a package.By default is has capabilities.That come from parent.Now you are
directly publishing the package in public folder.Who is the parent here??
Public folders has properties.Its one of the tabs that gets overlooked very easily.
How to assign capabilities to a role.Saying that consumers can use report studio.How to do this??
Ans- Capabilities can be set in public folder properties or they can be set in package or folder
properties.You can override permissions from parent entry.Setting it in public folders or
packager or folder properties does it.
When next to report you can see report studio icons,run button.That is due to permission
read,execute.If you have permission however your group does not have report studio capability you
cannot open report in report studio.
Go to properties , go to report studio.Click on properties.Here you can say which group can use
this capability.However deny has higher precedence over grant.So even if someone is included in
everyone group you can deny access by including him in other group and denying that group access.
Every group has properties?There are permissions there.What does those permissions mean??
Group properties , permission are used for specifying permission for the group that will be used
throught cognos when the group is mentioned.At any time we can override this permission.Most
common place to override group permissions are public folder properties.

Every capability has property.Those property say who has right to that thing.Like report studio c
capability has permissions .Suppose you deny any group execute and traverse right .They cannot
even see report studio icon.
But you can still see the report studio in launch option.How to handle this??How to hide cognos report studio option in launch explorer.?
Resolving the problem
On the Report Studio capability, set deny on the traverse and execute rights.Steps:Assuming users
belong to a group called for example, ReportStudioNoAccess
1. Log in as administrator in the Cognos Connection web portal
2. Click on Tools->Capabilities menu option (8.2 or lower). In 8.3, go to Launch->Cognos
Administration, click on the Security tab and then click on Capabilities link.
3. In 8.2, click on the Report Studio “Set Properties” icon and then the Permissions tab. In
8.3, click on the triangle to the right of the Report Studio capability, choose Set Properties
and click the Permissions tab.
4. From the Set properties – Report Studio page, add the ReportStudioNoAccess group and deny
them execute and traverse rights.
5. Click OK to save the settings
6. Log in as a user that belongs to the group that you denied execute/transverse rights to and
ensure they cannot see the report studio link next to reports or in the upper right of the Cognos
Connection page.

No comments:

Post a Comment