By Paul Hausser, Envisn, Inc.
This blog is focused on how to make visible the invisible in Cognos. Administrators need to be able to see Cognos Security the way they need to manage it.
Somebody once said that, “You can’t manage what you can’t measure.” And while that’s mostly true, it’s even more true that you can’t manage what you can’t see. And here we’re talking about being able to see Groups, Roles, Members and Memberships in Cognos. It’s virtually impossible to attempt to analyze security in Cognos and be able to get much in the way of useful information. Yes, you can look at individual settings on objects, accounts, groups and roles but it’s not really possible to be able to take it up a level or two and be able to see how these relate to each other in a way that you can understand the relationships and how they interact with each other.
Why is this important? Because every day Cognos administrators are asked to confirm or validate that security has been correctly applied across groups, roles and accounts. This can be a difficult and time consuming task, and in an environment of frequent change, it’s made even more difficult.
It’s also a problem in day to day management as an administrator. Just trying to answer basic questions they’re likely to be confronted with on a daily basis. Such things as:
- Who are all the members of the Managers Role?
- What Cognos Groups and Roles does Bill Williams belong to?
- What content does Bill have access to based on his memberships?
And the larger the environment the more difficult this becomes. And a major problem with this lack of transparency is that security settings are often incorrectly applied. Users or groups may end up with access to objects they should not be able to see.
Groups, Roles, Accounts and Memberships have multiple dimensions that overlap. How these overlap and relate to each other can sometimes be hard to understand conceptually. To address these issues Envisn sought to make this easier to understand with its NetVisn product. Another goal was to make it possible to answer any question an administrator may have about Cognos security.
The larger the environment the greater the complexity the administrator faces in understanding Cognos security. Thus, any approach to bringing full transparency must be able to handle any size environment and yet be able to render it in a simple, understandable way.
The first challenge is to capture all the relationships between content objects and Groups, Roles and Accounts. NetVisn’s architecture enables it to capture all objects in the Content Store along with all of their properties including security.
The next challenge was to lay this out in a format that makes it easy to see and understand these relationships. This required some experimentation to try and get the optimum view. In Figure 1 we see all the Groups and Roles within Cognos listed along with Memberships, Members and Expanded Members. We can see that BI Sales Everyone is comprised of four other Roles and under Expanded Members we see all of the named accounts that make up those four Roles. And below BI Sales Everyone we see the detail of each of those four Roles.
Figure 2A shows the security access permissions for a folder in the environment labeled BI Sales. There are six Roles that have access to the content in this folder and the permissions for each is shown.
While this is visible in Cognos what’s not visible there is the accounts that make up the expanded members of these six Roles.
To see the account view of these Roles we simply click on Generate Account View and in Figure 2B we see all of the accounts in these six Roles along with the access permission for each user.
An administrator may need to identify all of the objects in the Content Store that a Group, Role or Account has access to. In Figure 3 we see that BI Marketing Staff Role has access to 1,251 objects and these are listed by type in summary. If needed, this view can be expanded to provide a detail list of each of these objects and this security profile can be run against any Group, Role or Account in the Cognos environment.
Cognos administrators need insight into the all aspects of security and access permissions in order to effectively manage this important area and insure that Security is applied accurately.
To learn more about how Cognos security works along with best practices see our Cognos Security Ebook.
© Envisn, Inc., All Rights Reserved. Cognos Security Management