User capabilities

Adaptive Analytics

This secured function controls access to the reports packaged using Adaptive Analytics.

Administration

This secured function contains the secured features that control access to the administration pages that you use to administer IBM Cognos software. System administrators can use this capability to delegate administration tasks to different administrators.

The following secured features are associated with this function:

• Adaptive Analytics Administration

  Users can access Adaptive Analytics to perform administrative tasks.

• Administration tasks

  Users can access Content Administration on the Configuration tab in IBM Cognos Administration to administer exports, imports, consistency checks, and report updates.

• Collaboration Administration

  Users can access the ability to create and control collaboration platforms.

• Configure and manage the system

  Users can access System on the Status tab and Dispatchers and Services on the Configuration tab in IBM Cognos Administration to configure dispatchers and services, and to manage the system.

• Controller Administration

  Users can use the administrative functions of IBM Cognos Controller.

• Data Source Connections

  Users can access Data Source Connections on the Configuration tab in Administration console or in Data server connections under Manage to define data sources, connections, and signons. In IBM Cognos Analytics on Cloud, they can also access the Secure Gateway page from the Manage menu.

• Distribution Lists and Contacts

  Users can access Distribution Lists and Contacts on the Configuration tab in IBM Cognos Administration to manage distribution lists and contacts.

• Manage Visualizations

  This secured function specifies that the user can control access rights to custom visualizations for individual users, groups, and roles.

  CAUTION:
  Be judicious when you assign Develop Visualizations access and ensure that you review files that are being uploaded. People who are permitted to upload files may be able to deliver malicious code.
• Mobile Administration

  Users can administer IBM Cognos Analytics Mobile Reports services and applications.

• Planning Administration

  Users can access IBM Cognos Planning Contributor Administration Console and IBM Cognos Planning Analyst to perform administration tasks.

• PowerPlay Servers

  User is given limited access to the IBM Cognos Administration pages. This includes access to the PowerPlay® page and the ability to set PowerPlay properties.

• Printers

  Users can access Printers on the Configuration tab in IBM Cognos Administration to manage printers.

• Query Service Administration

  Users can access the Status > Data Stores page in IBM Cognos Administration to manage dynamic cubes. Users can perform operations on cubes, such as starting and stopping cubes, refreshing the data cache, and creating and scheduling query service tasks.

• Run activities and schedules

  Users can access Current Activities, Past Activities, Upcoming Activities and Schedules on the Status tab in IBM Cognos Administration to monitor the server activities and manage schedules. To grant access to the scheduling functionality independently from the monitoring functionality, use the Scheduling capability.

• Set capabilities and manage UI profiles

  Users can access Capabilities and User Interface Profiles on the Security tab in IBM Cognos Administration to manage the secured functions and features and the Reporting user interface profiles.

• Styles and portlets

  Users can access Styles and Portlets on the Configuration tab in IBM Cognos Administration to manage styles and portlets.

• Users, Groups and Roles

  Users can access Users, Groups and Roles on the Security tab in IBM Cognos Administration to manage namespaces, users, groups, and roles.

AI

This capability allows designated users to access AI functionality. The roles granted with Execute permissions by default are listed in the AI capability section.

The following secured functions are associated with this function:

• Learning

  This secured function allows the system to learn from an assignee’s product usage.

• Use Assistant

  This secured function allows designated users to use the Assistant.

Analysis Studio

Attach Outputs

This capability allows a user to attach outputs in an email when setting a schedule, running a report in the background, or setting job steps.

Cognos Analytics for Mobile

This capability allows users access to Cognos Analytics via the Cognos Analytics for Mobile app. The roles granted with Execute permissions by default are listed in the Cognos Analytics for Mobile capability section of Initial access permissions for capabilities.

Cognos Insight

Cognos Viewer

This secured function controls access to IBM Cognos Viewer, which you use to view reports.

The secured features associated with this function are

• Context Menu

  Users can use the context menu in IBM Cognos Viewer.

  Note: To see the context menu, users must have access to both the Selection and Context Menu secured features.

• Run With Options

  Users can change the default run options. When users have no execute permissions for this feature, they cannot see the Run with options icon for reports.

• Selection

  Users can select text in lists and crosstabs.

• Toolbar

  Users can see the IBM Cognos Viewer toolbar.

Collaborate

This secured function controls access to IBM Connections from within IBM Cognos.

The secured features associated with this function are:

• Launch Collaboration Tools

  The secured feature allows users to launch IBM Connections from any Launch menu within the IBM Cognos Analytics environment, including the Cognos Workspace Getting Started Page, and the Actions Menu. The links will go to the user's IBM Connections home page, if it is configured, or to Activities.

• Allow Collaboration Features

  This secured feature controls access to the Collaborate icon and to IBM Connections Search Results within Cognos Workspace. Users must have access to create or view activities from within Cognos Workspace.

Controller Studio

This secured function controls access to IBM Cognos Controller.

Dashboard

This secured function controls access to view Dashboards and Stories. Users require Execute permissions for the Dashboard capability to view both dashboards and stories. The roles granted with Execute permissions by default are listed in the Dashboard capability section.

The following secured feature is associated with this function:

Create/Edit

This secured function controls access to the New > Dashboard and New > Story functions. Users require Execute permissions for the Dashboard and Create/Edit capability to both create or edit dashboards and stories.

Data Manager

This secured function controls access to Data Manager.

Data sets

This secured function controls access to the Create data set menu that is available from the package and data module context menus.

Desktop Tools

This secured function controls tracking for Cognos Desktop Tools products. Users with this capability are members of the Analytics Explorers role. This allows an admin to track the users in the license counter. Products that will count as a desktop tool include Planning Analytics For Microsoft Excel, Cognos Framework Manager, Cognos Cube Designer and Dynamic Query Analyzer, Transformer, and TM1 Writeback to bundled FLBI TM1 server.

Detailed Errors

This secured function controls access to viewing detailed error messages in the Web browser.

Develop Visualizations

This secured function specifies that the user can develop custom visualizations.

Drill Through Assistant

This secured function controls access to the drill-through debugging functionality in the drill-through Go To page and the drill-through definitions. Users who have this capability see additional information in the Go To page for each drill-through target. This information can help to debug a drill-through definition, or can be forwarded to the Cognos Software Services representative.

Event Studio

This secured function controls access to Event Studio.

Email

This capability allows a user to send an email when scheduling or sharing content. The roles granted with Execute permissions by default are listed in the Email capability section of Initial access permissions for capabilities.

The following secured features are associated with this capability:

Email Delivery Option

This secured function allows a user to choose email delivery when setting a schedule, running a report in the background, or setting job steps.

Include link in email

This secured function allows a user to link to content from an email when sharing content, setting a schedule, or running a report in the background.

Share using email

This secured function allows a user to share annotated screen captures via email from Share > Send.

Type in external email

This secured function allows a user to enter external recipients in an email. If the secured function is not granted, the user can only select recipients from their authenticated namespaces.

Execute Indexed Search

This secured function controls access to the search of indexed content. This secured function does not appear until the Index Update Service has been started.

By default, Execute Indexed Search allows enhanced indexed search. When Execute Indexed Search is disabled, basic indexed search is provided.

Executive Dashboard

This secured function controls access to IBM Cognos Workspace. Users who have access to this function are granted basic permissions for the workspaces in Cognos Workspace. With this type of permissions, users can view the workspaces, drill up and down on the workspace data, add comments, print the workspaces, use slider filters, and select value filters if these filters are included in the workspace.

The following secured features, which are associated with the Executive Dashboard function, grant more extensive permissions for the workspace:

• Use Advanced Dashboard Features

  Use this feature to grant the users maximum permissions for the workspace.

• Use Interactive Dashboard Features

  Use this feature to grant the users permissions to access the workspace functions that allow interaction with the widget data. This includes access to the on-demand toolbar in the widget that provides options for interacting with the report data, such as sorting, deleting, resetting, swapping rows and columns, and changing the report display type.

Exploration

This secured function controls access to the New > Exploration function. Users require Execute permissions for the Exploration capability both to create or view explorations. The role is granted with Execute permissions by default, as listed in the Exploration capability section.

External Content

This capability allows the assignee to use content from sources that are external to IBM Cognos Analytics.

The secured function associated with the External Content capability is Watson Studio. It allows the assignee to create assets in the Cognos Analytics content store that reference external Watson Studio Notebooks.

External Repositories

This secured function controls access to external repositories. External repositories provide long-term storage for report content. When a connection to an external repository is specified for a package or folder, report output versions are copied to the repository automatically.

Generate CSV Output

With permissions for this secured function, users can generate report output in the delimited text (CSV) format. Without this capability, users do not see an option in the user interface to run reports in the CVS format.

Generate PDF Output

With permissions for this secured function, users can generate report output in the PDF format. Without this capability, users do not see an option in the user interface to run reports in the PDF format.

Generate XLS Output

With permissions for this secured function, users can generate report output in the Microsoft Excel spreadsheet (XLS) formats. Without this capability, users do not see an option in the user interface to run reports in the XLS formats.

Generate XML Output

With permissions for this secured function, users can generate report output in XML format. Without this capability, users do not see an option in the user interface to run reports in the XML format.

Glossary

This secured function controls access to the IBM InfoSphere® Business Glossary.

Hide Entries

This secured function specifies that a user can hide entries and view hidden entries in IBM Cognos software.

The Hide this entry check box appears on the General tab of the entries' properties pages. The Show hidden entries check box appears on the Preferences tab in user profiles, and on the General tab in My Area Options , My Preferences.

Import Relational Metadata

Specifies that a group can import relational metadata into a Framework Manager or Dynamic Cube Designer project using dynamic query mode.

By default, the System Administrator, Directory Administrator, and Report Administrators groups belong to this secured function.

If other groups require the ability to import relational metadata to a dynamic query mode project they must be added to the capability. For example, if you create a Framework Manager Users group and add your Framework Manager users to that group, you also need to add the group to the Import relational metadata secured function.

Job

This secured function controls the ability for a user to be able to create jobs.

Lineage

This secured function controls access to the Lineage action. Use this to view information about data or metadata items from IBM Cognos Viewer, or from the source tree in Reporting, Query Studio, and Analysis Studio.

Manage content

This secured functions controls access to the Content tab in Manage.

Manage Own Data Source Signons

This secured function controls the ability to manage data source credentials on the Personal tab in My Preferences.

Mobile

This secured function controls access to IBM Cognos Analytics Mobile Reports.

Notebook

This secured function controls access to the New > Notebook option. Users require Execute permissions for the Notebook capability to create Notebooks.

Planning Contributor

This secured function controls access to IBM Cognos Planning Contributor and IBM Cognos Planning Analyst.

PowerPlay Studio

This secured function controls access to PowerPlay Studio.

Query Studio

This secured function controls access to the Query Studio, which you use to create simple, ad hoc reports.

The secured feature associated with this function is

• Create

  Create new reports and use the Save as option for new reports and custom views.

• Advanced

  Use advanced authoring features, such as creating complex filters, formatting style, and multilingual support.

Report Studio

This secured function controls access to the Reporting user interface and to the underlying report execution functionality. Users need execute permissions on this secured function to access the Reporting user interface. Traverse or read permissions on this secured function might be needed to use the associated secured features, for example, to run reports created with custom SQL or embedded HTML.

The secured features associated with this function are:

• Allow External Data

  Users can use external data in reports.

• Bursting

  Users can author and run burst reports.

• Create/Delete

  Users can create new reports, use the Save as option for new reports and report views, and change models.

• HTML Items in Report

  Users can use the HTMLItem button and hyperlink elements of the report specification when authoring reports.

• User Defined SQL

  Users can edit the SQL statements directly in the query specification and run the query specifications that contain the edited SQL statements.

  Tip: Restrictions on who can use this feature are not enforced in Framework Manager. For example, a Framework Manager user who does not have User Defined SQL rights in IBM Cognos Administration can still create a query subject and use manually created SQL queries to search a database.

Save to Cloud

This capability allows designated users to save their report output to the cloud. Users require Execute permissions for the Save to Cloud capability to view the Save to cloud check box as a delivery option for saved report outputs. The roles granted with Execute permissions by default are listed in the Save to Cloud capability section.

The following secured feature is associated with this function:

• Manage Connections

  This secured feature allows Directory Administrators to access the Manage > Storage page to create and manage connections to external Cloud Object Storage services. Designated users can then access the Save to cloud feature.

Scheduling

The Scheduling capability allows a user to schedule items that can be run, such as reports. Users must have the Scheduling capability to see the My schedules and subscriptions option in the Personal menu . For more information, see My schedules and subscriptions.

The secured features associated with this capability are

• Schedule by day

  Users can schedule entries daily.

• Schedule by hour

  Users can schedule entries by the hour.

• Schedule by minute

  Users can schedule entries by the minute.

  If a user is denied access to the Schedule by minute capability, 'by minute' scheduling is also denied for other capabilities that allow 'by minute' scheduling, for example, the Schedule by month capability.

• Schedule by month

  Users can schedule entries monthly.

• Schedule by trigger

  Users can schedule entries based on a trigger.

• Schedule by week

  Users can schedule entries weekly.

• Schedule by year

  Users can schedule entries yearly.

• Scheduling Priority

  Users can set up and change the processing priority of scheduled entries.

  Note: A user who schedules an item (that is, a report, event, job and so on) without the Scheduling Priority capability cannot schedule an item with a priority other than 3. A different priority may be set, and displayed, in the schedule by a user with the appropriate access. However, the report will still run with a priority of 3 unless its ownership is also changed to a user with the appropriate access to the Scheduling Priority capability.

Self Service Package Wizard

This secured function controls the ability to select which data sources can be used to create a package.

Set Entry-Specific Capabilities

This secured function specifies that a user can set up capabilities at an entry level.

The Capabilities tab appears in the Set properties pages for packages and folders for users who have this capability and who have set policy permissions for the entry or who own the entry.

Share Pin Board

Users who are assigned this capability can share a pin board that they created using Cognos Analytics for Mobile.

Specification Execution

This secured function allows a user or Software Development Kit application to use an inline specification. The Specification Execution secured function is counted as an Analytics Administrators licence role.

IBM Cognos Analytics studios and some services use inline specifications internally to perform tasks. The service running the specification tests a number of capabilities to ensure that the user is entitled to use the inline specification. For more information, see the runSpecification method in the Developer Guide.

Upload files

This secured function controls access to the Upload files function. Users who have this capability can upload data files.

Visualization Alerts

Users who are assigned this capability can create an alert for a pin board in Cognos Analytics for Mobile.

Watch Rules

This secured function controls access to the Rules tab in My Watch Items. Use this secured function to create and run watch rules.

Web-based modeling

This secured function controls access to the web-based modeling function. Users who have this capability can create data modules from the New > Data module menu.