Thoughts on Security in Cognos 8 BI posted by Rob Schlank - 3/18/09 4:29:23 PMIn many BI deployments it is desirable to implement security at the data
level. This is useful in situations where users should be restricted to data
for specific entities such as Companies or Customers, specific geographic
areas, sales territories, etc. One way to accomplish this is in the Database
Management System (DBMS) itself, which requires robust management tools or
procedures, significant database administration tasks and ongoing maintenance
as the security picture changes, i.e. people are hired, promoted, relocated,
etc.
Security implementation at the DBMS level is desirable and necessary in some
instances. For example, large corporations with sophisticated users running
ad-hoc queries against the data warehouse with SQL development tools, or
complex security requirements such as external users (Customers for example)
who will have access to the system.
For the small to mid-sized corporation without a large IT department
however, managing data level security can quickly become overwhelming. Using
Cognos 8 BI, security can be implemented in the Framework Manager Model and can
leverage your existing corporate security strategy. Additional development and
maintenance tasks are minimized and your data is secured.
In Cognos 8 BI, Data level security is applied to reports through the use of
a filter embedded in the Framework Manager Model. The filter is applied to
reports by including any query item from the secured Query Subject(s). A table
is either created in the database or an existing table is used, but a field in
that table should match up with groups in the Authentication system in use. In
the authentication system, users are assigned to the groups that match the data
that they may access. When a user accesses the data model by running a report
or performing an ad-hoc query or analysis the applied filter reviews the user’s
group membership and allows access to those fields that match.
If secured users will have access to any of the Cognos 8 BI report authoring
Studios then data level security should be applied to all sensitive query
subjects. If on the other hand, secured users will only have access to
pre-authored reports, these reports can be secured by simply including an item
from a single secured query subject, usually the one that maps to the
authentication system groups. Reports can then be authored to include a prompt
which allows users to select from a list of all entities that they are entitled
to.
Once this filter is applied to the model, no other modifications to the
model are necessary. When a new user requires access, they are added to the
necessary groups by the Authentication System Administrator. If a user
switches departments or leaves the company the Authentication System
Administrator makes the appropriate changes to group membership as they would
anyway.
There are situations where a complex, database level security strategy is
necessary. For most corporations however, security should not become an
obstacle to getting the critical intelligence needed to drive growth. Cognos 8
BI can help to provide you with the information you need while keeping it
secure.
|