Contributor Security in 10.1

[johnturner]

I've just gone through the joys of an upgrade from Cognos Express 9.5 to 10.1, and thought I could share a few things of note.

If you upgrade CX from 9.5 to 10.1 and reimport a backup that has some of your approval nodes as submitted, these can create a lock on the respective elements in 10.1. This does not seem to be used by the CX security model but merely hangs around to stop any actuals loads from working! I had to run }tp_admin_delete_all and rebuild my planning model to free up the relevant element properties cube.

10.1 can't cope with dynamic approval hierarchies so it seems you have to make 'em static.

If you recreate a Planning application, you may need to delete all .ADMIN, .MODEL, and .SECURITY files from C:\Program Files (x86)\IBM\Cognos Express\webapps\pmpsvc\WEB-INF\applications before you can redeploy (a model with the same name)

However, I still haven't figured out how Contributor security works in 10.1. Do any of you fine people know which control cubes are affected when a user hits the papa-smurf-grab-a-node (take ownership) button in 10.1 ?? In 9.5 it merely shifted people to the relevant }tp_owner group for the duration, but these don't exist in 10.1.

Any help appreciated!!

[LanceTylor]

Hi John (all),

Have you managed to figure out how security has changed in CX 10.1? I can't seem to find documenation that outlines how the contributor security works or more specifically how the tp cubes and processes link together.....have you had any luck?

The reason I ask is that I went through the same upgrade and seem to be having an issue with a couple contributor nodes. Some work and some dont??

To explain,
All users with permissions can take ownership (release, submit etc...) but are unable to write anything to 2 out 40 contributor nodes? Its set to read-only? I looked at the cube/dimension/element security we have setup and there is nothing different between elements in the approval hierarchy (40 Contributor Nodes).

I am going to continue to investigate but if you have encountered this and have any suggestions it would be much appreciated.

Thanks
Lance

[mvaspal]

Have you managed to figure out how security has changed in CX 10.1?

One thing I realized is that 10.1 applies data reservation for Contributor applications. It ensures that users who do not have ownership of a node, are not able to edit data outside of the Contributor apps as they could have done it in earlier versions. (The status 'Work in Progress' coming from CP has also changed to 'Reserved' now.)
At least for me, it was disturbing when a user took ownership in Contributor and another user having WRITE access could have modified the same element in Excel for example.


You can query your data reservations using the TI process 'CubeDataReservationGet'.

[mvaspal]

UPDATE: To be more precise: when you modify Rights in Performance Modeler, changes are saved to element security -> }ElementSecurity_ApprovalDimName cube created/modified. At this stage, more than one user group/user might have WRITE access to a node. But as soon as you take ownership you are the only user who is able to edit the node's data due to the data reservation feature. At the same time, element security itself is not affected by taking the ownership.