Chapter 7. Adding Security; Powercubes With Ibm Cognos Series 7 Security; Choosing The Type Of Security To Be Applied - IBM Cognos User Manual

Chapter 7. Adding Security

Cognos Transformer supports simultaneous user authentication and logon using
the full range of supported IBM Cognos security providers. You can also add
custom views to each PowerCube to grant or deny access to sensitive business
intelligence information. These access controls can be customized down to the
query object level: not merely to reports and cubes, but to the specific levels,
categories or members, and measures within them.

PowerCubes with IBM Cognos Series 7 Security

PowerCubes secured against an IBM Cognos Series 7 namespace can be built on
any IBM Cognos platform, including Linux and HPUX Itanium. However, the IBM
Cognos Content Manager component must be installed on a platform supported by
IBM Cognos Series 7 Version 4.
For an up-to-date list of supported environments, visit the IBM Cognos Customer
Center http://www.ibm.com/software/data/cognos/customercenter.

Choosing the Type of Security to be Applied

Cognos Transformer supports two types of security to restrict data access across
the IBM Cognos reporting components: member-based security and cube-based
password protection.
When you use member-based security, you create custom views and apply these
views to specific categories (members), dimensions, or components thereof. This
filters the cube data that is shown to specific report users. Member-based security
uses security objects such as users, groups, or roles, to define user access to
information.
With cube-based security, you apply security to an entire PowerCube or cube
group by setting a password to restrict access to authorized users.
Assessing Your Security Requirements
Use the following questions to assess the need to control access to information and
to identify the specific security levels to apply to each user, group, or role.
v Can you place your users into distinct groups based on their information needs
v If your organization already has user groups or roles, are these based on
v Can you rely on database or network operating system logins to restrict access,
After you decide on the necessary levels of security to use, the process of adding
security to your models and cubes consists of the following tasks:
© Copyright IBM Corp. 2007, 2011
and access privileges? Or, do people change jobs or locations so frequently that
this is not practical?
network and database access, or existing Human Resources classifications such
as job functions and task profiles? Will you need to realign these user groups to
more accurately reflect decision-making roles?
or must you implement alternative security for your sensitive data? Do you have
directory-based security already in place?
147