Data source security

You can define security for data sources using IBM® Cognos® authentication or data source-specific security. Defining IBM Cognos authentication for a data source does not override any database vendor-specific security.

Depending on the data source, one or more of the following types of IBM Cognos authentication are available:

  • No authentication

    IBM Cognos Analytics logs on to the data source without providing any signon credentials.

  • IBM Cognos service credentials

    IBM Cognos Analytics logs on to the data source using the logon specified for the IBM Cognos service. Users do not require individual database signons. For production environments, however, individual database signons are generally more appropriate.

  • External namespace

    IBM Cognos Analytics logs on to the data source with the same credentials used to authenticate to the specified external authentication namespace. The namespace specified must be active, users must be logged on to it prior to accessing the data source, and the credentials used for the namespace authentication must be relevant for the data source authentication.

All data sources also support data source signons defined for the Everyone group or for individual users, groups, or roles. If the data source requires a data source signon, but you don't have access to a signon for this data source, you will be prompted to log on each time you access the data source.

IBM Cognos Analytics also respects any security defined for the data source. For example, for IBM Cognos cubes, the security may be set at the cube level. For Microsoft Analysis Services data sources, the security may be set using cube roles.