Add Data Security
You can restrict the data represented by query subjects in a project by creating a security filter. The security filter controls the data that is shown to your users when they set up their reports.
For example, your Sales team consists of a Sales Director, and four Sales Managers. You create a security filter that includes a group for the Sales Director and a group for Sales Managers, and apply the filter to the Salary query subject. When the package is available for your users, and a report is generated for the Sales Managers and the Sales Director, only the Sales Director can see
the salary information for the Sales Managers.
If a user has multiple roles, the security filters belonging to these roles are joined together with ORs.
If a role is based on another role, the security filters are joined together with ANDs.
You can base the security filter on an existing security filter. If you choose this option, the security filter inherits the filter and all the filter properties.
When you create a security filter, you can also use existing project filters, or create new filters usingthe expression editor. For more information, see "Create a Filter" (p. 156).
Steps
1. Click the query subject you want, and from the Actions menu, click Specify Data Security.
2. To add new users, groups, or roles, do the following:
● Click Add Groups.
● In the Select Users and Groups window, add users, groups, or roles. For information about
how to do this, see the Content Manager User Guide.
● In the Select Users and Groups window, click OK.
3. If you want to base the group on an existing group, click a group in the Based On column.
Tip: If you do not see the group you want in the list, you must add the group to the security
filter.
4. If you want to add a filter to a group, in the Filter column, click either Create/Edit Embedded Filter or Insert from Model.
ADD OBJECT SECURITY
Steps to Add Object-Based Security
1. Click the object you want to secure, and from the Actions menu, click Specify Object Security.
Tip: You can select more than one object at a time.
2. Select the users, groups, or roles you want to change. Or, click Add to add new users, groups,
or roles.
For more information, see the Content Manager User Guide.
3. Specify security rights for each user, group, or role by doing one of the following:
● To deny access to a user, group, or role, select the Deny check box next to the name for
the user, group, or role. Deny takes precedence over Allow.
● To grant access to a user, group, or role, select the Allow check box.
Tip: To allow everyone to see all objects unless specifically denied access, select the Allow check
box for the Everyone role.
4. Click OK.
A list of new and updated object-based packages appears.
ADD PACKAGE SECURITY
Steps
1. Click the package you want to edit, and from the Actions menu, click Package, Edit Package
Settings.
2. Click the Permissions tab.
3. In Cognos Connection, create, add, or remove groups or roles as required. For information
about how to do this, see the Cognos Connection User Guide.
4. After you finish modifying the security for the package, click OK to return to Framework
Manager.
