IBM Support

How to reset Cognos CAM security, if nobody can logon to Cognos Connection website as an administrator

Troubleshooting


Problem

Customer has chosen to use Cognos CAM security for their Controller authentication. Customer has secured their Cognos CAM system so that only one person has system administrative permission. - Specifically they add only one user (for example 'John Smith') to be a member of the Cognos role 'System Administrators' - Therefore, only one person (John Smith) can administer the security. At some point later, one of the following scenarios occur: - The customer accidentally removes the user (John Smith) from the role 'System Administrators' - The user (John Smith) leaves the company - The user (John Smigh)'s Windows username changes (for example, their Active Directory domain name changes). This causes nobody to be able to logon (to the Cognos Connection website) as a system administrator, therefore no security changes can be made. How can the customer recover from this mistake?

Symptom

No users have enough permission to logon to the Cognos Connection website as a system administrator, therefore no administrative tasks can be made.

Cause

No valid users are members of the Cognos security role 'System Administrators'.

Resolving The Problem

Temporarily add the group 'Everyone' to be a member of the Cognos security role 'System Administrators', by running a database script ("AddSysAdminMember.sql").

Steps:

The following instructions are based on using Microsoft SQL with Controller 10.2.1.

  • They may need to be amended slightly depending on your environment.

1. Check the name of the Content Store database

  • TIP: This is the database that is configured inside 'Cognos Configuration', for example:


2. Check what SQL user ID you are using (for example 'fastnet') to connect to the contentstore database
  • TIP: Click on this button to find out:

3. Logon to the Controller application server

4. Browse to the following folder: C:\Program Files\IBM\cognos\ccr_64\configuration\schemas\content

5. Open the relevant subfolder for your database type, and open following file inside Notepad: AddSysAdminMember.sql


    Examples:
    • Microsoft SQL: ...\sqlserver\AddSysAdminMember.sql
    • Oracle: ...\oracle\AddSysAdminMember.sql
    • DB2: ...\db2\AddSysAdminMember.sql

6. Launch your SQL administration tool (for example 'SQL Management Studio')

7. Authenticate (to the SQL server) using the same SQL user ID (for example 'fastnet') as you found in step 2:


8. Right-click on the ContentStore database, and choose 'New Query'




9. Paste the contents of the script (see step 5) into the window on the right hand side, and press 'Execute':

10. Restart your Cognos services (If you don't do this it won't take effect)

11. Launch the Cognos Connection website (http://servername/ibmcognos)

12. Click on the 'Security' tab, and open the 'Cognos' namespace

13. Click 'Properties' next to 'System Administrators':




14. Notice how the group 'Everyone' is a member:

15. Manually add any new user accounts who should have system administrator privileges

16. Finally, remove the group 'Everyone' from this role.

17. Test.

[{"Product":{"code":"SS9S6B","label":"IBM Cognos Controller"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Controller","Platform":[{"code":"PF033","label":"Windows"}],"Version":"10.2.1;10.2.0;10.1.1;10.1","Edition":"","Line of Business":{"code":"LOB10","label":"Data and AI"}}]

Document Information

Modified date:
15 June 2018

UID

swg21992196

Page Feedback