Protect Yourself in an IBM Cognos Audit

The IBM Cognos software product line does not warn you if you add users to the system but don’t have enough licenses, so it’s up to you to make sure you are in compliance!  I get a lot of questions in this area, so I thought I would share with you a little information on staying in compliance.


If you leverage outside consultants, you, as a client, must have licenses for your consultants. Sorry, but there is no special pricing for users who are outside consultants, but we can give you the best price possible.  You must have licenses for everyone in your system, even if they are certified, authorized partners of IBM, or even IBM GBS consultants.

When you buy the license for your consultants, you will retain the perpetual license to the seat, even after the consultant is finished.  If the consultant’s engagement is short term, the consultant would consume a license while they are working, but it could be redeployed once they’ve completed their work.


Let’s say you clean up your system and disable users in AccMan so they can’t utilize Cognos.  Some of the users you disable have left the organization and a few others just no longer need access to the system.  So long as the users associated with disabled accounts have permanently left the organization, it will be sufficient to disable a user account in the associated LDAP instance in order to remove their access to Cognos BI.  The users that are still with your organization are going to come under greater scrutiny.  Under the IBM Cognos definition of “Authorized User”, IBM Cognos BI user licenses are required for any user “given access to the program”.  Temporary disabling to effect license sharing is not permitted.

If you have more users (active or inactive) in your associated authentication sources than you need, you must be able to demonstrate that inactive users permanently left the organization prior to replacement users being enabled.

Cognos BI user licenses may not be “reassigned other than for the permanent transfer of the Authorized User Entitlement to another person”.

This implies that a customer cannot have, say, 10 employees sharing 7 user licenses and remain compliant by only enabling 7 of them to be active at any given time. The remaining presence of disabled users may cause auditors to question whether the disabled users have actually been permanently disabled.

Ultimately, you need to be able to justify why any user still in your name space does not require an Authorized User license in the event of an IBM Cognos audit. If you can demonstrate that the number of users who currently have access to the system (active users) does not exceed your license number, and, if you can demonstrate from usage records that departing users were disabled before new users began accessing the system, then this should be sufficient demonstration that you have remained in compliance.

If you have a specific question about your licenses or need to purchase a few more licenses to ensure compliance and stay away from that IBM Cognos audit, please contact Lodestar Solutions at 813-254-2040.

Leave a Comment

Send this to a friend