I am using a TM1 datasource in Cognos 10 and would like to add users and, eventually, cube/dimension level security via the Series 7 (SunOne) user groups.
When I login as a user that is an administrator in TM1 I can create reports in any of the Cognos studios. However, when I try to access the same cube as a non-admin user I get the following error:
A cube with the specified name ("Sales Cube") cannot be found on the TM1 server.
I have added the Series 7 user class to TM1 and given that group Read access to the cube but I am only able to access the cube if the user is part of the TM1 Admin group.
I am using IntegratedSecurityMode=5 and have set the datasource connection to use the signon from Series 7.
When I login as the Series 7 user in Architect I don't see any of the cubes or dimensions I have set for Read access.
What am I missing?
User Security in Cognos 10
-
aa9
- Posts: 4
- Joined: Thu Jul 08, 2010 7:53 pm
- OLAP Product: TM1
- Version: 9.5.1 and 9.5.2
- Excel Version: 2003 and 2007
Re: User Security in Cognos 10
OK, after some messing around I've found that I can only apply security in TM1 using a Cognos 10 GROUP (not a role or LDAP group). This means that any administration of users for TM1 has to be done in the Cognos portal (rather than in the LDAP source).
Can this be correct?
Can this be correct?
-
abcuser
- Posts: 133
- Joined: Thu Mar 25, 2010 8:34 am
- OLAP Product: Cognos TM1
- Version: 9.5.2
- Excel Version: 0
Re: User Security in Cognos 10
Hi,
our environment:
- Cognos TM1 v9.5.2 on Windows 2008 rc2
- Cognos BI v8.4.1 on Windows 2008 rc2
- Apache LDAP server
I did the following:
1. In LDAP server create LDAP groups and assign users to groups.
2. Integrate Cognos BI with LDAP server. For each report or package define access to LDAP group.
3. Integrate TM1 server with Cognos BI single-sign on! (So you login into TM1 server/Architect using Cognos BI userid/password witch is actually LDAP userid/password, because Cognos BI is already integrated into LDAP security).
4. In TM1 Architect and new groups (LDAP groups).
5. In TM1 Architect for each cube define which LDAP group has access to it by adding Read, Write etc access privileges.
Hope this helps
our environment:
- Cognos TM1 v9.5.2 on Windows 2008 rc2
- Cognos BI v8.4.1 on Windows 2008 rc2
- Apache LDAP server
I did the following:
1. In LDAP server create LDAP groups and assign users to groups.
2. Integrate Cognos BI with LDAP server. For each report or package define access to LDAP group.
3. Integrate TM1 server with Cognos BI single-sign on! (So you login into TM1 server/Architect using Cognos BI userid/password witch is actually LDAP userid/password, because Cognos BI is already integrated into LDAP security).
4. In TM1 Architect and new groups (LDAP groups).
5. In TM1 Architect for each cube define which LDAP group has access to it by adding Read, Write etc access privileges.
Hope this helps
-
aa9
- Posts: 4
- Joined: Thu Jul 08, 2010 7:53 pm
- OLAP Product: TM1
- Version: 9.5.1 and 9.5.2
- Excel Version: 2003 and 2007
Re: User Security in Cognos 10
Thanks for the reply.
If by single signon you mean using Cognos authentication for TM1 then we've already set that up.
My problem is that when I try to use an LDAP group or Cognos role to set cube/dimension security it isn't recognized and I can't view any of the objects I've added security to. It is only when I use a Cognos group that I can see those objects.
I should mention I'm testing on Cognos 10.1 (no Fix Pack) and TM1 9.5.1. I will try on 10.1 FP1 and 9.5.2 later today.
If by single signon you mean using Cognos authentication for TM1 then we've already set that up.
My problem is that when I try to use an LDAP group or Cognos role to set cube/dimension security it isn't recognized and I can't view any of the objects I've added security to. It is only when I use a Cognos group that I can see those objects.
I should mention I'm testing on Cognos 10.1 (no Fix Pack) and TM1 9.5.1. I will try on 10.1 FP1 and 9.5.2 later today.
-
abcuser
- Posts: 133
- Joined: Thu Mar 25, 2010 8:34 am
- OLAP Product: Cognos TM1
- Version: 9.5.2
- Excel Version: 0
Re: User Security in Cognos 10
Yes, by single signon I mean using Cognos BI authentication for Cognos TM1.aa9 wrote:If by single signon you mean using Cognos authentication for TM1 then we've already set that up.
Try to login into TM1 Architect with non-admin user (the same user you are logging into Cognos BI) and see if you can see the cube. "Cube not found" can indicate one of two problems:aa9 wrote:My problem is that when I try to use an LDAP group or Cognos role to set cube/dimension security it isn't recognized and I can't view any of the objects I've added security to.
- cube is really not there (make sure you have correct name for cube) or
- user does not have access to the cube (so cube is not there, because user can't see it with existing rights).
If non-admin user can't see the data you have a TM1 --> LDAP problem. Check if the Read rights are set on dimensions, cubes etc for particular LDAP group.
If TM1 Architect security is working fine - you can see all of the data, then you have a Cognos BI problem. Check the report and/or package rights to see if user has access to cube.
I suspect you have a problem with TM1-->LDAP group.
Don't forget to check if user is really in LDAP group you are expecting to be in. Check this with LDAP admin to be sure.
According to supported environment both solutions should be working. But if you will use tm1 v9.5.2, then do apply fixpack 1 for BI. See supported environments: https://www-304.ibm.com/support/docview ... wg27019126aa9 wrote:I should mention I'm testing on Cognos 10.1 (no Fix Pack) and TM1 9.5.1. I will try on 10.1 FP1 and 9.5.2 later today.
Why are you using IntegratedSecurityMode=5? Do you also use Cognos Contributor? If not, this can be a problem. In our case we don't user Contributor so I set IntegratedSecurityMode=4.
BTW, I also tested Cognos v10.1 fixpack 1 and tm1 v9.5.2 without fixes a month ago and everything was working fine in our case. But at the moment we have decided to stay on Cognos BI v8.4.1.