There are at least two namespaces in every Cognos environment: the internal Cognos namespace plus external security namespace(s).
The Cognos namespace is integral with the Cognos BI application. The objects it contains of security interest are Groups and Roles which can optionally be organized into Namespace Folders. (Other objects in this namespace which are not directly used in security are data sources, printers, contacts and distribution lists.) External namespaces (also called Authentication Providers) are defined in the Cognos Configuration program and can be of a variety of types, including Active Directory and LDAP among others. Once configured, the complete external security hierarchy of objects is available to Cognos consisting of Groups and Accounts organized into Namespace Folders.
Though different object types, Groups and Roles behave identically. They are containers which hold references to Accounts along with other Groups and Roles. These references are called members of the group/role.
Only the Groups/Roles in the Cognos namespace can be modified to add or remove members. The external namespace Groups must be managed using the namespace’s editing tool, such as the Active Directory Users and Computers program. The organization of members into the Groups/Roles is the most important factor in setting up an effective security system since they are commonly used to define permissions to Cognos content store objects.
Authentication to the Cognos applications is performed through the external namespace. A user must provide valid credentials for an account object in the namespace to gain entry to the application.
Once authenticated, the user’s visibilities to objects and actions that can be performed are completely controlled by the memberships of the account and the security applied to both the content store objects and capability objects (to be covered later in the series).
A user’s permissions in Cognos are determined by memberships of the Account object used for authentication. But the calculation of these memberships can become complicated. Read More >
Cognos Access Permissions settings on Cognos objects are use to grant or deny access or actions for specific security objects, usually Groups or Roles. There are five access permissions which are described briefly here.
Read More >
If you’re a Cognos administrator there’s lots of key information you just need to have access to, especially in the area of security. Here we’re going to focus on what some consider among the top needs. These are:
The biggest issues in the area of Cognos security as seen by Cognos administrators, collected informally from a series of questions responded to over the past 14 months.
Read More >
The unique processing of object security by NetVisn provides the base view (what you can see in Cognos Connection) along with an Account view. This view translates security implemented through groups and roles into a display of security by account by applying permissions based upon memberships.
See how Netvisn can simplify your security needs in Cognos!
This video demonstrates how you can view and manage security in Cognos in your Cognos environment more efficiently with the unique features only available with NetVisn.