Built-in entries

The built-in entries include the Anonymous user account, the groups All Authenticated Users and Everyone, and the roles System Administrators and Tenant Administrators. You cannot delete the built-in entries. They appear in both secured and non-secured environments.

Anonymous

This entry represents a user account shared by members of the general public who can access IBM® Cognos® software without being prompted for authentication. For example, this type of access is useful when distributing an online catalog.

Anonymous users can see only those entries for which access permissions are not set, or are set specifically for this account or for the Everyone group.

You can disable the Anonymous user account by changing the configuration parameters in the configuration tool.

All Authenticated Users

This group represents users who are authenticated by authentication providers. The membership of this group is maintained by the product and cannot be viewed or altered.

You cannot deploy this group. For more information, see Including Cognos Groups and Roles.

Everyone

This group represents all authenticated users and the Anonymous user account. The membership of this group is maintained by the product and cannot be viewed or altered.

You can use the Everyone group to set default security quickly. For example, to secure a report, you grant read, write, or execute permissions to the report for the Everyone group. After this security is in place, you can grant access to the report to other users, groups, or roles, and remove the group Everyone from the security policy for this report. Then, only users, groups, and roles that you specified have access granted to the report.

You can use the Everyone group to apply security during deployment, see Security and Deployment, but you cannot deploy the group itself. For more information, see Including Cognos Groups and Roles.

System Administrators

This is a special role in IBM Cognos software. Members of this role are considered root users or super users. They may access and modify any object in the content store, regardless of any security policies set for the object. Only members of the System Administrators role can modify the membership of this role.

The System Administrators role cannot be empty. If you do not want to use System Administrators, you can create an empty group in the Cognos namespace or in your authentication provider, and add this group to the membership of the System Administrators role.

When this role is created during the content store initialization, the group Everyone is included in its membership. This means that all users have unrestricted access to the content store. Immediately after installing and configuring IBM Cognos software, you must modify the initial security settings for this role and remove the group Everyone from its membership. For more information, see Security settings after installation.

You can deploy this role, including Cognos Groups and Roles. For more information, see Including Cognos Groups and Roles.

Tenant Administrators

This role is used in a multitenant IBM Cognos environment. Members of this role can administer multiple tenants.

When this role is created during the content store initialization, it has no members and capabilities. Only System Administrators can add members and assign access permissions and capabilities for this role.