Internal and Confidential COGNOS 8 - Implementing Security Cognos CoE.


1 Internal and Confidential COGNOS 8 - Implementing Security Cognos CoE

2 7 September 2015 Introduction Cognos 8 security is designed to meet the need for security in various situations. It is easy to integrate with existing security infrastructure. Cognos 8 has its own namespace called Cognos. Cognos 8 security can be built on top of one or more third-party authentication providers, which are used to define and maintain users, groups and roles. Security in Cognos 8 is optional; if it is not enabled, all user access is anonymous, with limited, read-only access.

3 7 September 2015 Introduction
Authentication Providers
o User authentication in Cognos 8 is managed by third-party authentication providers.
o Authentication providers define users, groups, and roles used for authentication.
o When multiple namespaces are configured, the user selects a namespace at the start of the session and can log on to other namespaces later in the session.

4 7 September 2015 Introduction
The following authentication providers are supported in Cognos 8:
o Third-party LDAP server that supports version 3 of the LDAP protocol for user authentication.
o The namespace in the directory server used for your Cognos Series 7 products.
o Windows Native security (NTLM), either your LAN security or users on your local computer.
o SAP namespace.
o Active Directory namespace.
o Netegrity SiteMinder.

5 7 September 2015 Introduction
Authorization
o Authorization is the process of granting or denying users access to data, and permission to perform activities on that data, based on their sign-on identity.
o Cognos 8 authorization assigns permissions to users, groups, and roles that allow them to perform actions, such as read or write, on content store objects, such as folders and reports.
o The content store can be viewed as a hierarchy of data objects like folders, reports and packages.

6 7 September 2015 Introduction
Cognos Namespace:
o The Cognos namespace is the Cognos 8 built-in namespace. It contains the Cognos objects, such as groups, roles, data sources, distribution lists, and contacts.
o During the content store initialization, built-in and predefined security entries are created in this namespace.
o Use of the Cognos groups and roles contained in the Cognos namespace is optional.
o The groups and roles created in the Cognos namespace repackage the users, groups and roles existing in authentication providers for optimized use in the Cognos 8 environment.

7 7 September 2015 Cognos 8 Different Levels of Security.
Different types of security that can be incorporated at model level:
o Package level security.
o Data level security.
o Object level security.

8 7 September 2015 Cognos 8 Different Levels of Security.
Package Level Security
o Package level security can be implemented in Framework Manager.
o Roles that have access to the package can be specified.
o If the role is not specified in Framework Manager, then the package will be inaccessible to any role from Cognos Connection.

9 7 September 2015 Cognos 8 Different Levels of Security. Step 1:

10 7 September 2015 Cognos 8 Different Levels of Security. Step 2:

11 7 September 2015 Cognos 8 Different Levels of Security.
Data Level Security
o It is also possible to restrict part or all of the data that a particular Query Subject returns to a user or group of users by applying a security filter on the Query Subject in Framework Manager.
o The security filter can make use of macros or parameter maps to further enhance the abilities of the filter.
o You can specify data security by highlighting the object you wish to filter, then right-clicking and selecting “Specify Data Security”.
o In the window that opens you can select the groups or users you wish to filter and either create a new filter or use an existing filter condition to apply to the user or group.

12 7 September 2015 Cognos 8 Different Levels of Security. Step 1:

13 7 September 2015 Cognos 8 Different Levels of Security. Step 2:

14 7 September 2015 Cognos 8 Different Levels of Security. After the package is published, when a user or a role defined in the Data Security window runs a report, they are only permitted to see the data to which the filter applies. For example, if Joe logged into Query Studio and created a report with Issue_Type and Issue_Date, he will only see the issue types which are greater than 2.

15 7 September 2015 Cognos 8 Different Levels of Security.

16 7 September 2015 Cognos 8 Different Levels of Security.
Object Level Security
o It is possible to restrict access to specific objects in a project. For example, if you have a user or group of users who should not have access to a particular namespace, then you can remove access to that namespace for that user or group of users.
o Objects which can have security applied include namespaces, query subjects, query items, filters and folders. You can either Allow (make visible) or Deny (not visible) access to these objects.
o When granting access to an object, ensure that the user or group of users you are granting access to also has access to the package that contains it.

17 7 September 2015 Cognos 8 Different Levels of Security.

18 7 September 2015 Cognos 8 Different Levels of Security. When a user or group of users runs a report and does not have access to one or more objects in the report (i.e. a query item or query subject), the report will fail.

19 7 September 2015 Cognos 8 Different Levels of Security. It is also possible that a user is a member of more than one group, and the groups have conflicting access to an object. For instance, group1 is granted access to an object, whereas group2 is denied access to the same object. The end result is that the user is DENIED access to that object.

20 7 September 2015 Cognos 8 Different Levels of Security. Example of Conflicting Access

21 7 September 2015 Cognos 8 Different Levels of Security. Example of Conflicting Access

22 7 September 2015 Cognos 8 Different Levels of Security. Report fails in case of conflicting access

23 7 September 2015 Cognos 8 Security
Users
o A user entry is created and maintained in a third-party authentication provider to uniquely identify a human or a computer account.
o User entries cannot be created in Cognos 8.
Groups and Roles
o Groups and roles represent collections of users that perform similar tasks, or have a similar status in an organization. For example: Employees, Developers, etc.
o Members of groups can be users and other groups.
o Group membership is part of the users’ basic identity.

24 7 September 2015 Cognos 8 Security Structure of Groups and Roles

25 7 September 2015 Cognos 8 Groups and Roles.
Cognos groups and roles should be created when:
o Groups and roles cannot be created in the authentication provider.
o Groups and roles are required that span multiple namespaces.
o Portable groups and roles are required that can be deployed.
o Specific needs of Cognos 8 administration must be addressed.
o You want to avoid cluttering your organization's security systems with information used only in Cognos 8.

26 7 September 2015 Cognos 8 Groups and Roles.
The roles used to run reports and jobs are associated with:
o The users who run the reports interactively.
o The report owners.
o The users whose credentials are used to run scheduled reports and jobs.
Depending on the options selected to run reports, different roles can be assumed by the process:
o The process assumes all the roles associated with the report owner when the report runs with the owner option selected.
o The session assumes all the roles associated with the user whose credentials were used to process the request when a scheduled report or job runs.

27 7 September 2015 Cognos 8 Groups and Roles. When a content store is initialized, a set of security objects is created and stored in the Cognos namespace. The initial security policies grant unrestricted access to all objects in the content store to all users.
Two kinds of entries are supported:
o Built-in Entries
o Predefined Entries

28 7 September 2015 Cognos 8 Groups and Roles. Built-in Entries
User Account – Anonymous
This entry represents a user account shared by members of the general public, who can access Cognos 8 without being prompted for authentication.
The Groups – All Authenticated Users and Everyone
o All Authenticated Users: This group represents users who are authenticated by authentication providers.
o Everyone: This group represents all authenticated users and the Anonymous user account.
The Role – System Administrator
o Members of this special role are considered root users or super users.
o They may access and modify any object in the content store, regardless of any security policies set for the object.

29 7 September 2015 Cognos 8 Groups and Roles. Predefined Entries
o The predefined entries include several Cognos roles.
o When using predefined roles, it is recommended to modify the initial membership immediately after installing and configuring Cognos 8.
o The predefined roles include the following:
Consumers: Members can read and execute public content, such as reports.
Query Users: Members have the same access permissions as Consumers. They can also use Cognos Query Studio.
Authors: Members have the same access permissions as Query Users. They can use Cognos Report Studio and save public content, such as reports and report output.
Report Administrators: Members can administer the public content, for which they have full access. They can also use Cognos Report Studio and Cognos Query Studio.
Server Administrators: Members can administer servers, dispatchers and jobs.

30 7 September 2015 Cognos 8 Groups and Roles.
Directory Administrators: In the Cognos namespace, they administer groups, accounts, contacts, distribution lists, data sources, and printers.
Metrics Administrators: Members can administer Metric packages and tasks in Cognos Connection.
Metrics Authors: Members can create and edit scorecard applications in Metric Studio.
Metrics Users: Members can monitor performance in Metric Studio.
Portal Administrators: Members can administer the Cognos portlets and third-party portlets in Cognos Connection. This includes importing and customizing portlets, defining portlet styles, and setting access permissions for portlets.
Controller Users: Members have general access to Cognos Controller menus.
Controller Administrators: Members have full access to Cognos Controller menus and can create individual Cognos Controller users and define their limitations.

31 7 September 2015 Creating Cognos 8 Groups and Roles. Cognos Connection ->Tools -> Directory -> Users, Groups and Roles.

32 7 September 2015 Creating Cognos 8 Groups and Roles. Click on the Cognos namespace. The list of groups and roles will be displayed.

33 7 September 2015 Creating Cognos 8 Groups and Roles. To delete a Cognos group or role, select it and click on the delete button.

34 7 September 2015 Creating Cognos 8 Groups and Roles. To create a new role/group, click on the new role/group button, then specify a name and description and click on Next.

35 7 September 2015 Creating Cognos 8 Groups and Roles. Add or remove the roles or groups that should be members of this new role.

36 7 September 2015 Creating Cognos 8 Groups and Roles. Click on Add and select a namespace to add the items into the New Role.

37 7 September 2015 Creating Cognos 8 Groups and Roles. Select the entries and click on the arrow to put them into selected entries. Click on OK when the selection is complete.

38 7 September 2015 Creating Cognos 8 Groups and Roles. Click on the Finish button.

39 7 September 2015 Creating Cognos 8 Groups and Roles. A new role role-example is created.

40 7 September 2015 Creating Cognos 8 Groups and Roles. To create a New Group, click on the New Group icon.

41 7 September 2015 Creating Cognos 8 Groups and Roles. To create a New Group, click on the New Group icon and click on the Next button.

42 7 September 2015 Creating Cognos 8 Groups and Roles. Add or remove the items in the New Group wizard.

43 7 September 2015 Creating Cognos 8 Groups and Roles. Select a namespace, then select the required items and click OK.

44 7 September 2015 Creating Cognos 8 Groups and Roles. Click on Finish.

45 7 September 2015 Creating Cognos 8 Groups and Roles. A new group is created.

46 7 September 2015 Cognos 8 Permissions. In Cognos 8, an organization’s data can be secured by setting access permissions for the entries. The kind of access that users and groups have to a specific report or other content in Cognos 8, and the actions they can perform on it, can be specified. When setting access permissions, both authentication provider users, groups and roles and Cognos groups and roles can be referenced.
The access permissions available in Cognos 8 are:
o READ
o WRITE
o EXECUTE
o SET POLICY
o TRAVERSE

47 7 September 2015 Cognos 8 Permissions. Users must have at least traverse permissions for the parent entries of the entries they want to access. Permissions for users are based on permissions set for individual user accounts and for the namespaces, groups, and roles to which the users belong. Cognos 8 supports combined access permissions: when users who belong to more than one group log on, they have the combined permissions of all the groups to which they belong.
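
A small model of the rules on slides 19 and 47, added here as an illustration; it is not Cognos code and not part of the original deck. It assumes every entry carries its own explicit policy, applies the deny-wins rule from slide 19 to content store entries, and uses constructed entry and group names.

```python
from dataclasses import dataclass, field

ROOT_ROLE = "System Administrator"  # built-in role that bypasses all policies

@dataclass
class Entry:
    """Simplified content store entry (folder, package or report)."""
    name: str
    parent: "Entry | None" = None
    # principal -> {"grant": {...}, "deny": {...}}; explicit policy per entry
    policy: dict = field(default_factory=dict)

def effective(entry, principals):
    """Combine grants from every group/role the user holds; any deny wins."""
    granted, denied = set(), set()
    for name in principals:
        ace = entry.policy.get(name, {})
        granted |= ace.get("grant", set())
        denied |= ace.get("deny", set())
    return granted - denied

def can(entry, principals, perm):
    """True if perm is held on entry and traverse is held on all parents."""
    if ROOT_ROLE in principals:
        return True
    node = entry.parent
    while node is not None:
        if "traverse" not in effective(node, principals):
            return False
        node = node.parent
    return perm in effective(entry, principals)

# Constructed sample hierarchy (names are illustrative).
root = Entry("Public Folders", policy={"Everyone": {"grant": {"read", "traverse"}}})
finance = Entry("Finance", root, {"Authors": {"grant": {"read", "traverse"}}})
report = Entry("Issue Report", finance, {
    "group1": {"grant": {"read", "execute"}},
    "group2": {"deny": {"execute"}},
    "Authors": {"grant": {"write"}},
})

if __name__ == "__main__":
    for who in ({"Everyone", "Authors", "group1"},
                {"Everyone", "Authors", "group1", "group2"},
                {"Everyone", "group1"},
                {"System Administrator"}):
        print(sorted(who), "execute ->", can(report, who, "execute"))
```

The third case is the one most often missed in reviews: the report itself grants execute to group1, but without traverse on the Finance folder the user never reaches it.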

48 7 September 2015 Cognos 8 Permissions.
Permissions can be set for:
o Package
o Folder
o Report
To set the permissions explicitly, click the Set Properties icon and override the parent's permissions. New roles can be added, existing ones deleted, and access permissions applied.

49 7 September 2015 Cognos 8 Permissions. Click on the Set Properties icon.

50 7 September 2015 Cognos 8 Permissions. Click on the Permissions tab, and check the override permissions checkbox.

51 7 September 2015 Cognos 8 Permissions. Select the roles and then apply the access permissions accordingly.

