Troubleshooting
Problem
Customer has chosen to use Cognos CAM security for their Controller authentication. Customer has secured their Cognos CAM system so that only one person has system administrative permission. - Specifically they add only one user (for example 'John Smith') to be a member of the Cognos role 'System Administrators' - Therefore, only one person (John Smith) can administer the security. At some point later, one of the following scenarios occur: - The customer accidentally removes the user (John Smith) from the role 'System Administrators' - The user (John Smith) leaves the company - The user (John Smigh)'s Windows username changes (for example, their Active Directory domain name changes). This causes nobody to be able to logon (to the Cognos Connection website) as a system administrator, therefore no security changes can be made. How can the customer recover from this mistake?
Symptom
No users have enough permission to logon to the Cognos Connection website as a system administrator, therefore no administrative tasks can be made.
Cause
No valid users are members of the Cognos security role 'System Administrators'.
Resolving The Problem
Temporarily add the group 'Everyone' to be a member of the Cognos security role 'System Administrators', by running a database script ("AddSysAdminMember.sql").
Steps:
The following instructions are based on using Microsoft SQL with Controller 10.2.1.
- They may need to be amended slightly depending on your environment.
1. Check the name of the Content Store database
- TIP: This is the database that is configured inside 'Cognos Configuration', for example:
2. Check what SQL user ID you are using (for example 'fastnet') to connect to the contentstore database
- TIP: Click on this button to find out:
3. Logon to the Controller application server
4. Browse to the following folder: C:\Program Files\IBM\cognos\ccr_64\configuration\schemas\content
5. Open the relevant subfolder for your database type, and open following file inside Notepad: AddSysAdminMember.sql
- Microsoft SQL: ...\sqlserver\AddSysAdminMember.sql
- Oracle: ...\oracle\AddSysAdminMember.sql
- DB2: ...\db2\AddSysAdminMember.sql
Examples:
6. Launch your SQL administration tool (for example 'SQL Management Studio')
7. Authenticate (to the SQL server) using the same SQL user ID (for example 'fastnet') as you found in step 2:
8. Right-click on the ContentStore database, and choose 'New Query'
9. Paste the contents of the script (see step 5) into the window on the right hand side, and press 'Execute':
10. Restart your Cognos services (If you don't do this it won't take effect)
11. Launch the Cognos Connection website (http://servername/ibmcognos)
12. Click on the 'Security' tab, and open the 'Cognos' namespace
13. Click 'Properties' next to 'System Administrators':
14. Notice how the group 'Everyone' is a member:
15. Manually add any new user accounts who should have system administrator privileges
16. Finally, remove the group 'Everyone' from this role.
17. Test.
Was this topic helpful?
Document Information
Modified date:
15 June 2018
UID
swg21992196