Ibm Cognos Security Objects - IBM Cognos User Manual

v ensuring that the required authentication provider is configured in your IBM
v assigning the security objects from the security namespace configured in IBM
v associating access controls with your PowerCubes before delivering them to
To begin, consider the business reasons for restricting access to data. For example,
you may have confidential data that only specific users are allowed to see. Or your
configured data source may contain a large amount of information, and your users
need to retrieve data from only specific dimensions or levels. Perhaps you have a
dimension that contains many categories or members, and your users need to
retrieve only a subset of records from that dimension.
Depending on your data source, the underlying database security may also affect
user access to certain categories of information. Therefore, assigning access to a
level may not guarantee that the user also has access to all the categories or
members in that level.
Before you add security in Cognos Transformer, ensure that security was set up
correctly in IBM Cognos. For more information, see the Administration and Security
Guide.

IBM Cognos Security Objects

Users, groups, and roles are IBM Cognos security objects created for authentication
and authorization purposes. You can add groups created in authentication
providers, or you can create your own in IBM Cognos.
Users
A user entry is created and maintained in an authentication provider to uniquely
identify a human or a computer account. You cannot create users in IBM Cognos.
Information about users, such as first and last names, IDs, passwords, locales, and
e-mail addresses, is stored in authentication providers.
Users can become members of groups defined in authentication providers and
groups defined in IBM Cognos. A user can belong to one or more groups. When
users are members of more than one group, their access permissions are merged;
this is known as the union of views principle.
Groups and Roles
Groups can include individual users, as well as other groups. Group membership
is part of a user's basic identity. Users log on with all the permissions associated
with the groups to which they belong. Examples of groups are Employees,
Managers, and Sales Personnel.
148
IBM Cognos Transformer Version 10.1.1: User Guide
Cognos BI environment and that the required users, groups, and roles are
available from that Cognos namespace, referencing the configured authentication
provider of your choice
For more information, see the Administration and Security Guide.
Cognos BI to custom views, and then combining custom views with dimension
filtering to appropriately subdivide your business information
your users