March 31, 2017 by Paul Hausser, Envisn, Inc.
If you’re a Cognos administrator there’s lots of key information you just need to have access to, especially in the area of security. Here we’re going to focus on what some consider among the top needs. These are:
- Groups, Roles, Memberships and Members
- Security profile of a role, group or account
- Inherited security
- Object security
- User permissions - licensing
1. Groups, Roles, Memberships and Members – Being able to see how these all relate to each other is impossible in Cognos but yet it’s really critical to know this information because some roles and groups can be part of other roles/groups. Knowing this can keep from messing up the security model across the environment.
In Figure 1 we can see that BI Marketing Everyone has three Roles as members and the Expanded Members show the names of all of the members of those three Roles providing a complete picture of all members of that Role. In this simple view we’re able to see how Roles overlap with each other and with many containing the same account names.
2. Being able to get the access profile of a Role, Group or Account is important, particularly if you have to verify this for compliance purposes such as an internal audit. This is virtually impossible to do in Cognos, since at best it will require an incredible amount of time if you can do it at all. In figure 2 we see the security profile for the account of Duncan Reilly.
We see that he has access to 60 objects in the folder BI Reporting and also see the individual objects in this folder along with his access profile for each object.
Figure 3 shows the security profile for the Folder BI Marketing including both Roles and Objects. The security is overridden and we can see that there are four Roles along with their permissions for this Folder. We also see all of the objects inheriting these permissions.
4. Account View versus Groups and Roles – If you’re looking at the security for a Folder or an Object it would be nice to be able to see the security profile either the Role view or the Account view. Here in Figure 4 we see the advantage of having the ability to toggle from one view to the other. One contains the Roles and the other the Accounts.
5. User permissions or licensing – Being able to get hard numbers on what users have access to all of the capabilities within Cognos is often a requirement. Especially since it’s possible to get audited by IBM on license compliance. If you can’t show hard numbers that can be supported, then guess who wins that battle. Plus, on a day to day basis it’s useful to be able to see users access and permissions across all of the features within Cognos.
In Figure 5 we see all of the Accounts that have access to the various studios within Cognos. This lists all of them and shows the access privileges for each account.
These examples were taken from our NetVisn product. To learn more about what NetVisn can do please visit our website. Also, while all of these examples show results in HTML format they can also be output into other formats if needed.