IBM Support

Controller licensing - what is the difference between an Administrator and non-administrator user?

Question & Answer


What is the difference between an Administrator and non-administrator user, in relation to the licensing of the Controller product?


Customer would like to make sure that their administrative and non-administrative users have the correct permissions inside Controller, in order to comply with IBM's licensing policies.
TIP: From Controller 10.4.0 onwards, there is a new report ("License Management Report") which is available inside the Controller classic client.
  • This gives the administrative user the ability to check how many administrative/standard/inactive users the customer has:
For more details, see links at the end of this Technote.


For the avoidance of doubt:
  • The information in this Technote only relates to licensing. In other words, we are defining the difference (between an 'administrator' and 'standard' user) purely on the basis of a Controller licence (not the usage of the product).
  • The information in this Technote was correct at the time of writing.
  • For most customers, the summary below is correct. However, please contact your IBM Sales representative for 100% confirmation of your specific contract with IBM.

Administrative User

A Controller administrative user is allowed access to any/all menu items (unrestricted).


Standard User

A Controller Standard User must be restricted to only being allowed to access some of the Controller menu items.
  • Specifically, they are allowed to have access to all menus in Controller with the exception of any menu items in the 'Maintain' menu which give change/write access to financial configuration.

A Standard User may have access to the following menus:
  • Company - ALL
  • Group - ALL
  • Reports - ALL
  • Transfer - ALL
  • Help - ALL
  • Maintain: only the following:
    • Maintain/Configuration/Automatic Journals/Reports
    • Maintain/Configuration/Reports
    • Maintain/Accounts structure/Reports
    • Maintain/Company Structure/Reports
    • Maintain/Extended Dimension X Structure/Reports
    • Maintain/Extended Dimension X Structure/Change Table - Reports
    • Maintain/Linked Structure/Reports
    • Maintain/Submission/Reports
    • Maintain/Period locking/Change - Period locking by company
    • Maintain/Period locking/Reports
    • Maintain/Batch Queue/View
    • Maintain/Installation/Local Preferences
    • Maintain/User/Change Password
    • Maintain/User/Personal Defaults
    • Maintain/User/View Active Users
    • Maintain/Rights/Reports
    • Maintain/Database/Database Selection Mode
    • Maintain/Status/Change Status
    • Maintain/Special Utilities/Clear Local Cache


* NOTE: The menu item 'Maintain/Rights/Users' allows a 'standard' user to perform changes (write access) to the logon/user/security configuration of an end user. However, it does not allow them to modify any financial information. For this reason ( from Controller 10.3.0 onwards) some of this menu items are allowed.

The reason why this menu item is allowed (for standard users) is the concept of allowing a customer to create a non-Finance administrator user (for example, a menu of the I.T. department) whose job is to create new (or modify existing) users in the system. However, that 'standard' user would not use the Controller software for any financial administration (instead, merely I.T. user administration purposes).
  • For more details, see separate IBM Technote #620465.

TIP: The method to restrict users to only seeing some menu items, is by creating a 'security group' and restricting the rights as required.

For example:

1. Click "Maintain - Rights - Security Groups'

2. Click 'Menus' tab, and then create a new 'Menu Group' (for example called 'IT')

3. Modify the relevant menu items, so the 'Access Rights' are set to 'Not Available'

  • In other words, lots of the menu items will now appear in red, for example:
4. Click "Maintain - Rights - Users"
5. Select the relevant user
6. Click tab 'Limitations'
7. In the 'Menu Group' section, choose the security group that was created earlier (for example 'IT'):
8. Save changes
9. Test.

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SS9S6B","label":"IBM Cognos Controller"},"Component":"Controller","Platform":[{"code":"PF033","label":"Windows"}],"Version":"10.3.0;10.3.1;10.4.0;10.4.1","Edition":"","Line of Business":{"code":"LOB10","label":"Data and AI"}}]

Document Information

Modified date:
26 February 2021