Choosing the Type of Security to be Applied

Cognos® Transformer supports two types of security to restrict data access across the IBM® Cognos reporting components: member-based security and cube-based password protection.

When you use member-based security, you create custom views and apply these views to specific categories (members), dimensions, or components thereof. This filters the cube data that is shown to specific report users. Member-based security uses security objects, such as users, groups, or roles, to define user access to information.

With cube-based security, you apply security to an entire PowerCube or cube group by setting a password to restrict access to authorized users.

Assessing Your Security Requirements

Use the following questions to assess the need to control access to information and to identify the specific security levels to apply to each user, group, or role.

  • Can you place your users into distinct groups based on their information needs and access privileges? Or, do people change jobs or locations so frequently that this is not practical?
  • If your organization already has user groups or roles, are these based on network and database access, or existing Human Resources classifications such as job functions and task profiles? Will you need to realign these user groups to more accurately reflect decision-making roles?
  • Can you rely on database or network operating system logins to restrict access, or must you implement alternative security for your sensitive data? Do you have directory-based security already in place?

After you decide on the necessary levels of security to use, the process of adding security to your models and cubes consists of the following tasks:

  • ensuring that the required authentication provider is configured in your IBM Cognos Analytics environment and that the required users, groups, and roles are available from the Cognos namespace that references the configured authentication provider of your choice

    For more information, see the Administration and Security Guide.

  • assigning the security objects from the security namespace configured in IBM Cognos Analytics to custom views, and then combining custom views with dimension filtering to appropriately subdivide your business information
  • associating access controls with your PowerCubes before delivering them to your users

To begin, consider the business reasons for restricting access to data. For example, you may have confidential data that only specific users are allowed to see. Or your configured data source may contain a large amount of information, and your users need to retrieve data from only specific dimensions or levels. Perhaps you have a dimension that contains many categories or members, and your users need to retrieve only a subset of records from that dimension.

Depending on your data source, the underlying database security may also affect user access to certain categories of information. Therefore, assigning access to a level may not guarantee that the user also has access to all the categories or members in that level.

Before you add security in Cognos Transformer, ensure that security was set up correctly in IBM Cognos. For more information, see the Administration and Security Guide.