IBM Cognos Security Objects

Users, groups, and roles are IBM® Cognos® security objects created for authentication and authorization purposes. You can add groups created in authentication providers, or you can create your own in IBM Cognos.

Users

A user entry is created and maintained in an authentication provider to uniquely identify a human or a computer account. You cannot create users in IBM Cognos.

Information about users, such as first and last names, IDs, passwords, locales, and e-mail addresses, is stored in authentication providers.

Users can become members of groups defined in authentication providers and groups defined in IBM Cognos. A user can belong to one or more groups. When users are members of more than one group, their access permissions are merged; this is known as the union of views principle.

Groups and Roles

Groups can include individual users, as well as other groups. Group membership is part of a user's basic identity. Users log on with all the permissions associated with the groups to which they belong. Examples of groups are Employees, Managers, and Sales Personnel.

A role is a grouping that typically includes users who have similar responsibilities and privileges in your organization. Roles can include users, groups, and other roles.

Individual users can belong to several groups or roles.

Group and role names must be unique.