Below are types of security in framework
● data security (p. 257)
You create a security filter and apply it to a specific query subject. The filter controls the data
that is shown to your users when they set up their reports.
● object security (p. 259)
You secure an object directly by allowing users access to the object, denying users access to the object, or keeping it hidden from all users. In case of Object level security user will still see the object , but cant access it
● package security (p. 261)
You apply security to a package and identify who has access to that package.
Setting up data level security for product line
1) I created 2 groups Mountain and Camping in cognos administration
2) Put both those groups under Author role
3)Put user A under Mountain and B under Camping group.
4) Click on product dimension and click on security filter
5) add filter like below
[Dimensional view].[Products].[Products].[Product line] =[Dimensional view].[Products].[Products].[Product line]->[Products].[991]
----- product 991 is your camping equipment.I have dragged it from members
6)Publish the model
7)Create a simple list report by draging product line from product dimension
8)Login with User A and run the report
9)Login with User B and run the report
Object Level security
1) Specified by using Action menu.
2) The object still will be shown but user will not have access
User Permission in Cognos
1)If you have a folder and in that you have your reports saved.You need transverse permission to see the reports and go inside the folder.So transverse is must.
2)Execute is must if you want to execute the report
3)Read is must if you want to open the report in report studio4)
4)set policy is must if you want to give permissions .Without set policy you can see the security tab
5)Write is required if you want to delete a report
Roles in Cognos
The one idea that is to be kept in mind is role have predefined permissions which are not shown in capabilities.Like consumers have read permission to cognos report studio.
These roles already have capabilities defined. For list of initial roles and what are their capabilities refer cognos administration guide
Predefined Entries - page 298
If a user wants access to query studio ,Add the user as member of query user role
If a user wants access to Analysis studio ,Add the user as member of Analysis user role
If a user wants access to report studio ,Add the user as member of Author user role
Note -when a person is added as author they can only execute and tranvese report cant create them.Initially only report administrators have capability to create reports.
Scenario 2
We want to show as below
Users from each branch are allowed to see the sales of their own branch and the aggregated total sales accross all branches - ``Branch(ALL)'' as Cognos calls it.
If we put a security filter on the Branch dimension or the Sales measure then we filter out all the data, so the aggregate value will only show one branch.
(At least that's what's gonna happen with a DMR model.)
What should we do?
Got this question from below link
http://unofficialcognostraining.blogspot.in/2008/02/data-level-security-filter-challenge.html
I am taking the example of product line and revenue .
● data security (p. 257)
You create a security filter and apply it to a specific query subject. The filter controls the data
that is shown to your users when they set up their reports.
● object security (p. 259)
You secure an object directly by allowing users access to the object, denying users access to the object, or keeping it hidden from all users. In case of Object level security user will still see the object , but cant access it
● package security (p. 261)
You apply security to a package and identify who has access to that package.
Setting up data level security for product line
1) I created 2 groups Mountain and Camping in cognos administration
2) Put both those groups under Author role
3)Put user A under Mountain and B under Camping group.
4) Click on product dimension and click on security filter
5) add filter like below
[Dimensional view].[Products].[Products].[Product line] =[Dimensional view].[Products].[Products].[Product line]->[Products].[991]
----- product 991 is your camping equipment.I have dragged it from members
6)Publish the model
7)Create a simple list report by draging product line from product dimension
8)Login with User A and run the report
9)Login with User B and run the report
Object Level security
1) Specified by using Action menu.
2) The object still will be shown but user will not have access
User Permission in Cognos
1)If you have a folder and in that you have your reports saved.You need transverse permission to see the reports and go inside the folder.So transverse is must.
2)Execute is must if you want to execute the report
3)Read is must if you want to open the report in report studio4)
4)set policy is must if you want to give permissions .Without set policy you can see the security tab
5)Write is required if you want to delete a report
Roles in Cognos
The one idea that is to be kept in mind is role have predefined permissions which are not shown in capabilities.Like consumers have read permission to cognos report studio.
These roles already have capabilities defined. For list of initial roles and what are their capabilities refer cognos administration guide
Predefined Entries - page 298
If a user wants access to query studio ,Add the user as member of query user role
If a user wants access to Analysis studio ,Add the user as member of Analysis user role
If a user wants access to report studio ,Add the user as member of Author user role
Note -when a person is added as author they can only execute and tranvese report cant create them.Initially only report administrators have capability to create reports.
Scenario 2
We want to show as below
Users from each branch are allowed to see the sales of their own branch and the aggregated total sales accross all branches - ``Branch(ALL)'' as Cognos calls it.
If we put a security filter on the Branch dimension or the Sales measure then we filter out all the data, so the aggregate value will only show one branch.
(At least that's what's gonna happen with a DMR model.)
What should we do?
Got this question from below link
http://unofficialcognostraining.blogspot.in/2008/02/data-level-security-filter-challenge.html
I am taking the example of product line and revenue .