Setting access permissions for security views

The model contains the security views that were defined for the dynamic cube in IBM® Cognos® Cube Designer. Administrators set access permissions for the security views.

About this task

Security views can be accessed from the model within a dynamic cube data source. A model view in IBM Cognos Administration is equivalent to a security view in Cognos Cube Designer.

By default, when a dynamic cube is published to the content store, the group Everyone has access to the model view. Administrators must override the access permissions to remove Everyone and add the appropriate users, groups, or roles to the model view.

Only read permissions are required to give the users, groups, or roles access to the metadata in a dynamic cube.

Procedure

  1. In IBM Cognos Administration, on the Status tab, click Dynamic Cubes.

    In the Scorecard section, you see a list of all published dynamic cube data sources in the IBM Cognos Analytics environment.

  2. Point to the data source that you want to edit, and from the Actions drop-down menu, click Edit security view permissions.

    The available security views are listed in the model.

  3. For the selected security view, in the Actions column, click the Set properties icon.
  4. Choose whether to use the permissions of the parent entry or specify permissions specifically for the entry:
    • To use the permissions of the parent entry, clear the Override the access permissions acquired from the parent entry check box, then click OK if you are prompted to use the parent permissions.
    • To set access permissions for the entry, select the Override the access permissions acquired from the parent entry check box, and proceed to step 5.
  5. Optional: If you want to remove an entry from the list, select its check box and click Remove.
    Tip: If you want to select all entries, select the check box at the top of the list. Clear the check box to deselect all entries.
  6. To specify the entries for which you want to grant or deny access, click Add, and choose how to select entries:
    • To choose from listed entries, click the appropriate namespace, and then select the check boxes next to the users, groups, or roles.
    • To search for entries, click Search and in the Search string box, type the phrase you want to search for. For search options, click Edit. Find and click the entry you want.
    • To type the name of entries that you want to add, click Type and type the names of groups, roles, or users using the following format, where a semicolon (;) separates each entry:

      namespace/group_name;namespace/role_name;namespace/user_name;

      Here is an example: Cognos/Authors;LDAP/scarter;

  7. Click the arrow icon to move the selected entry to the Selected entries box, and when all required entries are in this box, click OK.
    Tip: To remove entries from the Selected entries box, select them and click Remove. To select all entries in a list, click the check box in the upper-left corner of the list. To make the user entries visible, click Show users in the list.
  8. Grant read permissions for each entry in the list, and click OK .
    Tip: In the Permissions column, an icon appears next to the user, group, or role. This icon represents the type of access granted or denied to the entry.
  9. If you want to remove access permissions that were previously set for the child entries so that the child entries can acquire permissions set for this entry, in the Option section, select the Delete the access permissions of all child entries check box.

    This option appears only with entries that are containers. You can use it to restrict access to a hierarchy of entries. Select this option only when you are certain that changing access permissions of the child entries is safe.