Authorization is the process of granting or denying access to data, and specifying the actions that can be performed on that data, based on a user identity. For example, Cognos 8 administrators can set up folders in which reports are stored. They can then secure those folders so that only authorized users can view, change, or perform other tasks using the reports in the folder.
Authorization services are provided in Content Manager.
The Cognos 8 security model supports the distribution of security administration. Because objects in Content Manager, such as folders and groups, can be secured separately, security administration can be assigned to individuals in separate functional areas of the organization. Security administration does not have to be centralized with an Information Technology group or other overall administration group.
Permissions define access rights to objects, such as directories, folders, and other content, for each user, group, or role. Permissions also define the activities that can be performed with these objects.
Cognos 8 authorization assigns permissions to
groups and roles created in the Cognos namespace in Content Manager.
These groups and roles are referred to as Cognos groups and Cognos roles.
entire namespaces, users, groups, and roles created in third-party authentication providers.
A user entry is created and maintained in a third-party authentication provider to uniquely identify an account belonging to a person or a computer. You cannot create user entries in Cognos 8.
The user entry stored in the authentication provider may include information such as first and last names, passwords, IDs, locales, and email addresses. However, Cognos 8 may require additional information, such as the location of the users’ personal folders or their format preferences for viewing reports in the portal. This additional information is stored in Cognos 8.
You can assign users to groups and roles defined in the authentication provider and in Cognos 8. A user can belong to one or more groups or roles. If users are members of more than one group, their access permissions are merged.
For more information about users, see the Administration and Security Guide.
Groups and roles represent collections of users who perform similar functions, or have a similar status in an organization. Members of groups can be users and other groups. Members of roles can be users, groups, and other roles.
Both groups and roles are used to assign access permissions in Cognos 8. Users always log on with all the permissions associated with the groups and roles to which they belong.
For more information about groups and roles, see the Administration and Security Guide.