User capabilities
Content Manager reads the user's permissions at logon time. Depending on the permissions for the secured functions and features, the user can access specific components and perform specific tasks in the Cognos® Analytics user interface.
The Capabilities, which are also referred to as secured functions and secured features, control access to different administration tasks and different functional areas of the user interface in Cognos Analytics.
Examples of the secured functions are Administration and Reporting. Examples of the secured features are User Defined SQL and Bursting.
When a content store is initialized, the initial permissions for the secured functions and features are created. The permissions define which of the predefined and built-in Cognos groups and roles have access to which secured functions and features, and the type of access. The initial permissions grant unrestricted access to IBM® Cognos software because the built-in role System Administrators includes the group Everyone in its membership. You must remove the group Everyone from the membership of System Administrators before you start setting access to capabilities.
When running a report using the Run as the owner option, the capabilities of the owner are used for bursting and report layout properties in the HTML format. All other capabilities are based on the user who runs the report.
Users can see a list of the secured functions and features that are available to them in Personal
menu under
.
For more information, see Initial access permissions for capabilities.
Adaptive Analytics
This secured function controls access to the reports packaged using Adaptive Analytics.
Administration
This secured function contains the secured features that control access to the administration pages that you use to administer IBM Cognos software. System administrators can use this capability to delegate administration tasks to different administrators.
The following secured features are associated with this function:
-
Adaptive Analytics Administration
Users can access Adaptive Analytics to perform administrative tasks.
- Administration tasks
Users can access Content Administration on the Configuration tab in IBM Cognos Administration to administer exports, imports, consistency checks, and report updates.
- Collaboration Administration
Users can access the ability to create and control collaboration platforms.
- Configure and manage the system
Users can access System on the Status tab and Dispatchers and Services on the Configuration tab in IBM Cognos Administration to configure dispatchers and services, and to manage the system.
- Controller Administration
Users can use the administrative functions of IBM Cognos Controller.
- Data Source Connections
Users can access Data Source Connections on the Configuration tab in Administration console or in Data server connections under Manage to define data sources, connections, and signons. In IBM Cognos Analytics with Watson on Cloud, they can also access the Secure Gateway page from the Manage menu.
- Distribution Lists and Contacts
Users can access Distribution Lists and Contacts on the Configuration tab in IBM Cognos Administration to manage distribution lists and contacts.
- Manage Visualizations
Administrators with this capability can assign the Develop Visualizations secured function to users, groups, and roles, allowing them access to custom visualizations.
CAUTION:Be judicious when you assign Develop Visualizations access and ensure that you review files that are being uploaded. People who are permitted to upload files may be able to deliver malicious code. - Mobile Administration
Users can administer IBM Cognos Analytics Mobile Reports services and applications.
- Planning Administration
Users can access IBM Cognos Planning Contributor Administration Console and IBM Cognos Planning Analyst to perform administration tasks.
- PowerPlay Servers
User is given limited access to the IBM Cognos Administration pages. This includes access to the PowerPlay® page and the ability to set PowerPlay properties.
- Printers
Users can access Printers on the Configuration tab in IBM Cognos Administration to manage printers.
- Query Service Administration
Users can access the IBM Cognos Administration to manage dynamic cubes. Users can perform operations on cubes, such as starting and stopping cubes, refreshing the data cache, and creating and scheduling query service tasks.
page in - Run activities and schedules
Users can access Current Activities, Past Activities, Upcoming Activities and Schedules on the Status tab in IBM Cognos Administration to monitor the server activities and manage schedules. To grant access to the scheduling functionality independently from the monitoring functionality, use the Scheduling capability.
- Set capabilities and manage UI profiles
Users can access Capabilities and User Interface Profiles on the Security tab in IBM Cognos Administration to manage the secured functions and features and the Reporting user interface profiles.
- Styles and portlets
Users can access Styles and Portlets on the Configuration tab in IBM Cognos Administration to manage styles and portlets.
- Users, Groups and Roles
Users can access Users, Groups and Roles on the Security tab in IBM Cognos Administration to manage namespaces, users, groups, and roles.
AI
This capability allows designated users to access AI functionality. The roles granted with Execute permissions by default are listed in the AI capability section.
The following secured features are associated with this function:
- Learning
This secured feature allows the system to learn from an assignee’s product usage.
Tip: This feature is not available as an object capability. - Use Assistant
This secured feature allows designated users to use the Assistant. The Use Assistant capability can be set at the user level or source level.
Analysis Studio
This secured function controls access to IBM Cognos Analysis Studio. Users with access to this studio explore, analyze, and compare dimensional data, find meaningful information in large data sources, and answer business questions.Attach Outputs
This capability allows a user to attach outputs in an email when setting a schedule, running a report in the background, or setting job steps.
Cognos Analytics for Mobile
This capability allows users access to Cognos Analytics via the Cognos Analytics for Mobile app.
The roles granted with Execute permissions by default are listed in the Cognos Analytics for
Mobile capability
section of Initial access permissions for capabilities.
Cognos Insight
This secured function controls access to IBM Cognos Insight. Users with access to this tool work with complicated data sources to discover, visualize, and plan in easy to use workspaces.Cognos Viewer
This secured function controls access to IBM Cognos Viewer, which you use to view reports.
The secured features associated with this function are
-
Context Menu
Users can use the context menu in IBM Cognos Viewer.
Note: To see the context menu, users must have access to both the Selection and Context Menu secured features.
-
Run With Options
Users can change the default run options. When users have no execute permissions for this feature, they cannot see the Run with options
icon for reports.
-
Selection
Users can select text in lists and crosstabs.
-
Toolbar
Users can see the IBM Cognos Viewer toolbar.
Collaborate
This secured function controls access to IBM Connections from within IBM Cognos.
The secured features associated with this function are:
-
Launch Collaboration Tools
The secured feature allows users to launch IBM Connections from any Launch menu within the IBM Cognos Analytics with Watson environment, including the Cognos Workspace Getting Started Page, and the Actions Menu. The links will go to the user's IBM Connections home page, if it is configured, or to Activities.
-
Allow Collaboration Features
This secured feature controls access to the Collaborate icon and to IBM Connections Search Results within Cognos Workspace. Users must have access to create or view activities from within Cognos Workspace.
Controller Studio
This secured function controls access to IBM Cognos Controller.
Dashboard
This secured function controls access to view Dashboards and Stories. Users require Execute permissions for the Dashboard capability to view both dashboards and stories. The roles granted with Execute permissions by default are listed in the Dashboard capability section.
The following secured feature is associated with this function:
Create/Edit
This secured function controls access to the
and functions. Users require Execute permissions for the Dashboard and Create/Edit capability to both create or edit dashboards and stories.Data Manager
This secured function controls access to Data Manager.
Data sets
This secured function controls access to the Create data set menu that is available from the package and data module context menus.
Desktop Tools
This secured function controls tracking for Cognos Desktop Tools products. Users with this capability are members of the Analytics Explorers role. This allows an admin to track the users in the license counter. Products that will count as a desktop tool include Planning Analytics For Microsoft Excel, Cognos Framework Manager, Cognos Cube Designer and Dynamic Query Analyzer, Transformer, and TM1 Writeback to bundled FLBI TM1 server.
Detailed Errors
This secured function controls access to viewing detailed error messages in the Web browser.
Develop Visualizations
This secured function specifies that the user can develop custom visualizations.
Drill Through Assistant
This secured function controls access to the drill-through debugging functionality in the drill-through Go To page and the drill-through definitions. Users who have this capability see additional information in the Go To page for each drill-through target. This information can help to debug a drill-through definition, or can be forwarded to the Cognos Software Services representative.
Event Studio
This secured function controls access to Event Studio.
This capability allows a user to send an email when scheduling or sharing content. The roles
granted with Execute permissions by default are listed in the Email capability
section of
Initial access permissions for capabilities.
The following secured features are associated with this capability:
Email Delivery Option
This secured function allows a user to choose email delivery when setting a schedule, running a report in the background, or setting job steps.
Include link in email
This secured function allows a user to link to content from an email when sharing content, setting a schedule, or running a report in the background.
Share using email
This secured function allows a user to share annotated screen captures via email from
.Type in external email
This secured function allows a user to enter external recipients in an email. If the secured function is not granted, the user can only select recipients from their authenticated namespaces.
Execute Indexed Search
This secured function controls access to the search of indexed content. This secured function does not appear until the Index Update Service has been started.
By default, Execute Indexed Search allows enhanced indexed search. When Execute Indexed Search is disabled, basic indexed search is provided.
Executive Dashboard
This secured function controls access to IBM Cognos Workspace. Users who have access to this function are granted basic permissions for the workspaces in Cognos Workspace. With this type of permissions, users can view the workspaces, drill up and down on the workspace data, add comments, print the workspaces, use slider filters, and select value filters if these filters are included in the workspace.
The following secured features, which are associated with the Executive Dashboard function, grant more extensive permissions for the workspace:
- Use Advanced Dashboard Features
Use this feature to grant the users maximum permissions for the workspace.
- Use Interactive Dashboard Features
Use this feature to grant the users permissions to access the workspace functions that allow interaction with the widget data. This includes access to the on-demand toolbar in the widget that provides options for interacting with the report data, such as sorting, deleting, resetting, swapping rows and columns, and changing the report display type.
Exploration
This secured function controls access to the the Exploration capability section.
function. Users require Execute permissions for the Exploration capability both to create or view explorations. The role is granted with Execute permissions by default, as listed inExternal Content
This capability allows the assignee to use content from sources that are external to IBM Cognos Analytics.
The secured function associated with the External Content capability is Watson Studio. It allows the assignee to create assets in the Cognos Analytics content store that reference external Watson Studio Notebooks.
External Repositories
This secured function controls access to external repositories. External repositories provide long-term storage for report content. When a connection to an external repository is specified for a package or folder, report output versions are copied to the repository automatically.
- Manage repository connections
Users can set a repository connection on a package or folder if a data source connection already exists.
- View external documents
Users can view the report output stored in an external repository.
Generate CSV Output
With permissions for this secured function, users can generate report output in the delimited text (CSV) format. Without this capability, users do not see an option in the user interface to run reports in the CVS format.
Generate PDF Output
With permissions for this secured function, users can generate report output in the PDF format. Without this capability, users do not see an option in the user interface to run reports in the PDF format.
Generate XLS Output
With permissions for this secured function, users can generate report output in the Microsoft Excel spreadsheet (XLS) formats. Without this capability, users do not see an option in the user interface to run reports in the XLS formats.
Generate XML Output
With permissions for this secured function, users can generate report output in XML format. Without this capability, users do not see an option in the user interface to run reports in the XML format.
Glossary
This secured function controls access to the IBM InfoSphere® Business Glossary.
Hide Entries
This secured function specifies that a user can hide entries and view hidden entries in IBM Cognos software.
The Hide this entry check box appears on the
General tab of the entries' properties pages. The Show hidden
entries check box appears on the Preferences tab in user
profiles, and on the General tab in My Area Options , My
Preferences.
Import Relational Metadata
Specifies that a group can import relational metadata into a Framework Manager or Dynamic Cube Designer project using dynamic query mode.
By default, the System Administrator, Directory Administrator, and Report Administrators groups belong to this secured function.
If other groups require the ability to import relational metadata to a dynamic query mode project they must be added to the capability. For example, if you create a Framework Manager Users group and add your Framework Manager users to that group, you also need to add the group to the Import relational metadata secured function.
Job
This secured function controls the ability for a user to be able to create jobs.
Lineage
This secured function controls access to the Lineage action. Use this to view information about data or metadata items from IBM Cognos Viewer, or from the source tree in Reporting, Query Studio, and Analysis Studio.
Manage content
This secured functions controls access to the Content tab in Manage.
Manage Own Data Source Signons
This secured function controls the ability to manage data source credentials on the Personal tab in My Preferences.
Mobile
This secured function controls access to IBM Cognos Analytics Mobile Reports.
Notebook
This secured function controls access to the
option. Users require Execute permissions for the Notebook capability to create Notebooks.Planning Contributor
This secured function controls access to IBM Cognos Planning Contributor and IBM Cognos Planning Analyst.
PowerPlay Studio
This secured function controls access to PowerPlay Studio.
Query Studio
This secured function controls access to the Query Studio, which you use to create simple, ad hoc reports.
The secured feature associated with this function is
- Create
Create new reports and use the Save as option for new reports and custom views.
-
Advanced
Use advanced authoring features, such as creating complex filters, formatting style, and multilingual support.
Report Studio
This secured function controls access to the Reporting user interface and to the underlying report execution functionality. Users need execute permissions on this secured function to access the Reporting user interface. Traverse or read permissions on this secured function might be needed to use the associated secured features, for example, to run reports created with custom SQL or embedded HTML.
The secured features associated with this function are:
-
Allow External Data
Users can use external data in reports.
-
Create/Delete
Users can create new reports, use the Save as option for new reports and report views, and change models.
-
Edit Burst Definition
Users can author burst reports.
-
Edit HTML Items
Users can edit the HTMLItem button and hyperlink elements of the report specification when authoring reports.
-
Edit User Defined SQL
Users can edit the SQL statements directly in the query specification.
Tip: Restrictions on who can use this feature are not enforced in Framework Manager. For example, a Framework Manager user who does not have Edit User Defined SQL rights in IBM Cognos Administration can still create a query subject. -
Generate Burst Output
Users can run burst reports.
-
Run HTML Items
Users can use the HTMLItem button and hyperlink elements of the report specification when authoring reports.
-
Run User Defined SQL
Users can run the query specifications that contain SQL statements.
Tip: Restrictions on who can use this feature are not enforced in Framework Manager. For example, a Framework Manager user who does not have Run User Defined SQL rights in IBM Cognos Administration can still run manually created SQL queries to search a database.
Save to Cloud
This capability allows designated users to save their report output to the cloud. Users require Execute permissions for the Save to Cloud capability to view the Save to cloud check box as a delivery option for saved report outputs. The roles granted with Execute permissions by default are listed in the Save to Cloud capability section.
The following secured feature is associated with this function:
-
Manage Connections
This secured feature allows Directory Administrators to access the
page to create and manage connections to external Cloud Object Storage services. Designated users can then access the Save to cloud feature.
Scheduling
The Scheduling capability allows a user to schedule items that can be run, such as reports. Users
must have the Scheduling capability to see the My schedules and subscriptions
option in the Personal menu . For more information, see My schedules and subscriptions.
The secured features associated with this capability are
-
Schedule by day
Users can schedule entries daily.
-
Schedule by hour
Users can schedule entries by the hour.
-
Schedule by minute
Users can schedule entries by the minute.
If a user is denied access to the Schedule by minute capability, 'by minute' scheduling is also denied for other capabilities that allow 'by minute' scheduling, for example, the Schedule by month capability.
-
Schedule by month
Users can schedule entries monthly.
-
Schedule by trigger
Users can schedule entries based on a trigger.
-
Schedule by week
Users can schedule entries weekly.
-
Schedule by year
Users can schedule entries yearly.
-
Scheduling Priority
Users can set up and change the processing priority of scheduled entries.
Note: A user who schedules an item (that is, a report, event, job and so on) without the Scheduling Priority capability cannot schedule an item with a priority other than 3. A different priority may be set, and displayed, in the schedule by a user with the appropriate access. However, the report will still run with a priority of 3 unless its ownership is also changed to a user with the appropriate access to the Scheduling Priority capability.
Self Service Package Wizard
This secured function controls the ability to select which data sources can be used to create a package.
Set Entry-Specific Capabilities
This secured function specifies that a user can set up capabilities at an entry level.
The Capabilities tab appears in the Set properties pages for packages and folders for users who have this capability and who have set policy permissions for the entry or who own the entry.
Specification Execution
This secured function allows a user or Software Development Kit application to use an inline specification. The Specification Execution secured function is counted as an Analytics Administrators licence role.
IBM Cognos Analytics with Watson studios and some services use inline specifications internally to perform tasks. The service running the specification tests a number of capabilities to ensure that the user is entitled to use the inline specification. For more information, see the runSpecification method in the Developer Guide.
Upload files
This secured function controls access to the Upload files function. Users who have this capability can upload data files.
View Generated Query Text
This capability allows users to view SQL or MDX query information about Cognos Analytics assets. By default, all users can view this query text. However, the administrator can remove this capability either for all assets or for an individual asset.
Visualization Alerts
Users who are assigned this capability can create an alert for a pin board in Cognos Analytics for Mobile.
Watch Rules
This secured function controls access to the Rules tab in My Watch Items. Use this secured function to create and run watch rules.
Web-based modeling
This secured function controls access to the web-based modeling function. Users who have this capability can create data modules from the
menu.