Of all the areas of Cognos administration the one that appears to cause the most anxiety is security. This likely is the result of the fact that there are so many ways that security can be applied within Cognos Analytics. The distinction between groups and roles, for example, and how they each should be used is one of the least understood aspects of correctly applying security in Cognos. Yet doing this correctly is the cornerstone of any successful implementation of security in Cognos.
A question frequently asked, but not often openly expressed, is this: “Is security correctly applied across our Cognos environment?”
You can be sure that the larger the environment the more likely this question has been on the minds of some people, likely more than once. Any major breach of data security often results in the loss of someone’s job.
So what’s behind this anxiety? Well, first off, simply asking the question clearly implies that there is some defined model for how security should be applied across the environment and that it’s detailed enough to cover all key dimensions of security. This presumes that one was created at some point in time and updated as the organization changed and evolved. Often however, the existing Cognos security model has been in place for a few years and the person or persons that created it are no longer around.
Secondly, this also implies that we have a means of clearly determining if the security we currently have in place across Cognos is correctly aligned with our model. Without a tool that enable us to do this relatively easily and quickly this could be seen as an impossible task and likely never addressed at all. But there are tools that make this possible and will enable you to assess all dimension of security across your Cognos environment. This means groups, roles, objects, folders, accounts, data items, etc. – everything.
In the figure below we see an analysis of roles in a sample environment. There are 47 total roles in this one and they are laid out in a way that we can see that some roles include not only accounts but other roles as well. It also shows how some of these may overlap.
Perhaps the biggest question of all is, “Who is responsible for insuring that security is correctly applied across the Cognos environment?” Is it assigned to one person, a group or some combination? Without a single point of focus you should probably be nervous at this point.
So how do you get your arms around this? A good beginning would be to simply begin asking questions and see where it leads.
Every Cognos administrator should asked themselves the question, “How much is it worth for me to know that our security model is correctly applied across Cognos?” If it hasn’t already been answered, then just asking the question is likely to result in action of some type. The key is to have it focused on getting actionable results.
Some guidelines on getting the answer and dealing with results to these questions:
In an age when there is a clear expectation that the data the company uses to manage itself at all levels is rock solid secure there’s a high cost to not knowing if that’s really true.
© - Envisn, Inc. – All rights Reserved. Cognos Security made Simple with NetVisn