Understanding IBM Cognos BI Security

Managing security within your reporting environment can be a difficult and risky task if you don’t fully understand your software’s security structure. In this blog, we will discuss the various levels of security and how you can mix and match to come up with the best security plan for your business. IBM Cognos BI security is object oriented. That means you can set security on many different objects within Cognos, but the lowest level of security will win if you have multiple levels of security. In order to understand security and permissions, let’s talk about two examples:

Example 1: Security applied at the data level

Data-level security is administered within Framework Manager. The diagram below shows the highest level of security down to the lowest within Framework Manager :

A Namespace is the highest object you can assign permission to within Framework Manger. The second option for permission is the view level. This level is based on Lodestar’s best practice for Framework Manager design, which encourages modelers to create the following views:

Database View – this level is an exact mirror of your data source. We believe that by making the database view the same as the data source, it allows the modeler to change the business view without having to change the database view. Moreover, by making the database the same as the data source it is easier to find information within Framework Manager.

Business View – this level contains all business terms, necessary joins, calculations, and business nomenclature. This level is published for use in the Cognos Studios.

You can apply security to a query subject and a dimension within a query subject. The dimension is the lowest level of security. You can mix and match security, which means you, can apply security at any level, but the lowest level will win.

Example 2:  Security applied within BI

Framework Manager security is administered outside of Cognos BI, but it still impacts objects created based on packages published from Framework Manager. You can also apply security to objects within Cognos BI, consider the following:

The highest levels of security within BI are folders. When you publish packages from Framework Manager, a folder is created for the package and you can place security on the folder. Now if you have security on the folder, package, and dimensions then when a conflict is encountered – the lowest level of security will win. Mixing security can be tricky to keep track of so I use a matrix to determine which security setting will win. I have to admit the matrix is about 90% effective because there have been times when I couldn’t figure out how the security was applied from my matrix so I had to roll back the security and then reapply noting the impacts. Once I had applied the desired security structure and noting all the steps I was able to update my matrix.

X