IBM Support

Tivoli Common Reporting missing user and group permissions.

Technical Blog Post


Abstract

Tivoli Common Reporting missing user and group permissions.

Body

image

 

When the user or group permissions disappears in Tivoli Common Reporting , this can be caused by corruption of the VMMProvider or a too large repository .

Early version of the  Tivoli Common Reporting uses the Federated Repository and  this is configured to use the Internal File Repository.
This repository contains users and groups settings including access permission and rights as this are built into Tivoli Common Reporting.
It does not require the users or groups to exist anywhere outside Tivoli Common Reporting.

You can edit or assigned users and groups using the reporting portlet. The  File Repository where you managed Users and Groups is the navigation console item

shown below.

image

 

 

 

 

 

 

 

 

 

 

 

 

There are two security namespaces for a single system TCR installation, they are Cognos and VMMProvider.
For a distributed TCR installation, VMMProvider is not installed.

VMMProvider contains all the users and groups for the federated repository and it is as shown below:
 

image

 

 

 

 

 

 

 

 

 

 

 

 

Tivoli Common Reporting comes with reporting roles already defined. These roles are defined here:
http://publib.boulder.ibm.com/infocenter/c8bi/v8r4m0/topic/com.ibm.swg.im.cognos.ug_cra.8.4.1.doc/ug_cra_i_PredefinedEntries.html#PredefinedEntries

What makes these roles easy to use is that all reporting objects by default have the predefined roles set
properly on them. You only need to add users and groups to the roles.

To use the predefined roles, remove everyone from all the predefined roles that they exists in, then add
your users and groups to the roles. This procedure is described here:

http://publib.boulder.ibm.com/infocenter/c8bi/v8r4m0/topic/com.ibm.swg.im.cognos.ug_cra.8.4.1.doc/ug_cra_i_SpecifySecuritySettingsAfterInstallation.html#SpecifySecuritySettingsAfterInstallation

From Tivoli Common Reporting 3.1.2 on-wards  admin rights won't be given to non admin users by default.
Please see the link below.
https://www-01.ibm.com/support/docview.wss?uid=swg21963430

 

Alternative Solution:

If you have a large repository and the VMMProvider is not returning all the groups, then update the properties file to disable and return all groups and users.

This means that the administrators will use the search feature to find the groups and users.

 <install>\..\tipv2\profiles\TIPProfile\installedApps\TIPCell\IBM Cognos 8.ear\p2pd.war\WEB-INF\lib\VMMprovider.properties.

Starting in TCR 2.1.1 the default is not to return all groups and users, requiring the administrator to use the search function.

[{"Business Unit":{"code":"BU004","label":"Hybrid Cloud"},"Product":{"code":"","label":""},"Component":"","Platform":[{"code":"","label":""}],"Version":"","Edition":""}]

UID

ibm11083495