Secured Functions and Features

The secured functions and secured features within the functions, which are also referred to as capabilities, control access to different administration tasks and different functional areas of the user interface in IBM® Cognos® software.

Examples of the secured functions are Administration and Report Studio. Examples of the secured features are User Defined SQL and Bursting.

Content Manager reads the users' permissions at logon time. Depending on the permissions for the secured functions and features, users can access specific components and perform specific tasks in IBM Cognos software.

When a content store is initialized, the initial permissions for the secured functions and features are created. The permissions define which of the predefined and built-in Cognos groups and roles have access to which secured functions and features, and the type of access. The initial permissions grant unrestricted access to IBM Cognos software because the built-in role System Administrators includes the group Everyone in its membership. You must remove the group Everyone from the membership of System Administrators before you start setting access to capabilities. For more information, see Initial security.

When running a report using the Run as the owner option, the capabilities of the owner are used for bursting and report layout properties in the HTML format. All other capabilities are based on the user who runs the report.

Administrators set up access to secured functions and features using the Capabilities page on the Security tab in IBM Cognos Administration. For more information, see Setting Access to Secured Functions or Features.

Users can see a list of the secured functions and features available to them in My Area Options My area icon of the portal, in My Preferences, Personal, the Capabilities section.

For more information, see Initial access permissions for capabilities.

Adaptive Analytics

This secured function controls access to the reports packaged using Adaptive Analytics.

Administration

This secured function contains the secured features that control access to the administration pages that you use to administer IBM Cognos software. System administrators can use this capability to delegate administration tasks to different administrators.

The following secured features are associated with this function:

  • Adaptive Analytics Administration

    Users can access Adaptive Analytics to perform administrative tasks.

  • Administration tasks

    Users can access Content Administration on the Configuration tab in IBM Cognos Administration to administer exports, imports, index updates, consistency checks, and report updates.

  • Configure and manage the system

    Users can access System on the Status tab and Dispatchers and Services on the Configuration tab in IBM Cognos Administration to configure dispatchers and services, and to manage the system.

  • Controller Administration

    Users can use the administrative functions of IBM Cognos Controller.

  • Data Source Connections

    Users can access Data Source Connections on the Configuration tab in IBM Cognos Administration to define data sources, connections, and signons.

  • Distribution Lists and Contacts

    Users can access Distribution Lists and Contacts on the Configuration tab in IBM Cognos Administration to manage distribution lists and contacts.

  • Library Administration

    Members can access, import, and administer the contents of the Library tab in IBM Cognos Administration.

  • Metric Studio Administration

    Users can create new metric packages using the new metric package wizard in IBM Cognos Connection, and access the Tools menu in Metric Studio.

  • Mobile Administration

    Users can administer IBM Cognos Mobile services and applications.

  • My Data Sets Administration

    Users can access the Data Sets page on the Status tab, and can administer the data sets.

  • Planning Administration

    Users can access IBM Cognos Planning Contributor Administration Console and IBM Cognos Planning Analyst to perform administration tasks.

  • PowerPlay Servers

    User is given limited access to the IBM Cognos Administration pages. This includes access to the PowerPlay® page and the ability to set PowerPlay properties.

  • Printers

    Users can access Printers on the Configuration tab in IBM Cognos Administration to manage printers.

  • Query Service Administration

    Users can access the Status > Data Stores page in IBM Cognos Administration to manage dynamic cubes. Users can perform operations on cubes, such as starting and stopping cubes, refreshing the data cache, and creating and scheduling query service tasks.

  • Run activities and schedules

    Users can access Current Activities, Past Activities, Upcoming Activities and Schedules on the Status tab in IBM Cognos Administration to monitor the server activities and manage schedules. To grant access to the scheduling functionality independently from the monitoring functionality, use the Scheduling capability.

  • Set capabilities and manage UI profiles

    Users can access Capabilities and User Interface Profiles on the Security tab in IBM Cognos Administration to manage the secured functions and features and the Report Studio user interface profiles.

  • Styles and portlets

    Users can access Styles and Portlets on the Configuration tab in IBM Cognos Administration to manage styles and portlets.

  • Users, Groups and Roles

    Users can access Users, Groups and Roles on the Security tab in IBM Cognos Administration to manage namespaces, users, groups, and roles.

Analysis Studio

This secured function controls access to IBM Cognos Analysis Studio. Users with access to this studio explore, analyze, and compare dimensional data, find meaningful information in large data sources, and answer business questions.

Cognos Insight

This secured function controls access to IBM Cognos Insight. Users with access to this tool work with complicated data sources to discover, visualize, and plan in easy to use workspaces.

Cognos Viewer

This secured function controls access to IBM Cognos Viewer, which you use to view reports.

The secured features associated with this function are

  • Context Menu

    Users can use the context menu in IBM Cognos Viewer.

    Note: To see the context menu, users must have access to both the Selection and Context Menu secured features.

  • Run With Options

    Users can change the default run options. When users have no execute permissions for this feature, they cannot see the Run with options Run with options icon icon for reports in IBM Cognos Connection.

  • Selection

    Users can select text in lists and crosstabs.

  • Toolbar

    Users can see the IBM Cognos Viewer toolbar.

Collaborate

This secured function controls access to IBM Connections from within IBM Cognos.

The secured features associated with this function are:

  • Launch Collaboration Tools

    The secured feature allows users to launch IBM Connections from any Launch menu within the IBM Cognos Business Intelligence environment, including the Cognos Workspace Getting Started Page, and the Actions Menu. The links will go to the user's IBM Connections home page, if it is configured, or to Activities.

  • Allow Collaboration Features

    This secured feature controls access to the Collaborate icon and to IBM Connections Search Results within Cognos Workspace. Users must have access to create or view activities from within Cognos Workspace.

Controller Studio

This secured function controls access to IBM Cognos Controller.

Data Manager

This secured function controls access to IBM Cognos Data Manager.

Detailed Errors

This secured function controls access to viewing detailed error messages in the Web browser.

Drill Through Assistant

This secured function controls access to the drill-through debugging functionality in the drill-through Go To page and the drill-through definitions. Users who have this capability see additional information in the Go To page for each drill-through target. This information can help to debug a drill-through definition, or can be forwarded to the Cognos Software Services representative.

Event Studio

This secured function controls access to Event Studio.

Execute Indexed Search

This secured function controls access to the search of indexed content. This secured function does not appear until the Index Update Service has been started.

By default, Execute Indexed Search allows enhanced indexed search. When Execute Indexed Search is disabled, basic indexed search is provided.

Executive Dashboard

This secured function controls access to IBM Cognos Workspace. Users who have access to this function are granted basic permissions for the workspaces in Cognos Workspace. With this type of permissions, users can view the workspaces, drill up and down on the workspace data, add comments, print the workspaces, use slider filters, and select value filters if these filters are included in the workspace.

The following secured features, which are associated with the Executive Dashboard function, grant more extensive permissions for the workspace:

  • Use Advanced Dashboard Features

    Use this feature to grant the users maximum permissions for the workspace.

  • Use Interactive Dashboard Features

    Use this feature to grant the users permissions to access the workspace functions that allow interaction with the widget data. This includes access to the on-demand toolbar in the widget that provides options for interacting with the report data, such as sorting, deleting, resetting, swapping rows and columns, and changing the report display type.

External Repositories

This secured function controls access to external repositories. External repositories provide long-term storage for report content. When a connection to an external repository is specified for a package or folder, report output versions are copied to the repository automatically.

The secured features associated with this function are
  • Manage repository connections

    Users can set a repository connection on a package or folder if a data source connection already exists.

  • View external documents

    Users can view the report output stored in an external repository.

Generate CSV Output

With permissions for this secured function, users can generate report output in the delimited text (CSV) format. Without this capability, users do not see an option in the user interface to run reports in the CVS format.

Generate PDF Output

With permissions for this secured function, users can generate report output in the PDF format. Without this capability, users do not see an option in the user interface to run reports in the PDF format.

Generate XLS Output

With permissions for this secured function, users can generate report output in the Microsoft Excel spreadsheet (XLS) formats. Without this capability, users do not see an option in the user interface to run reports in the XLS formats.

Generate XML Output

With permissions for this secured function, users can generate report output in XML format. Without this capability, users do not see an option in the user interface to run reports in the XML format.

Glossary

This secured function controls access to the IBM InfoSphere® Business Glossary.

Hide Entries

This secured function specifies that a user can hide entries and view hidden entries in IBM Cognos software.

The Hide this entry check box appears on the General tab of the entries' properties pages. The Show hidden entries check box appears on the Preferences tab in user profiles, and on the General tab in My Area Options My area icon, My Preferences.

Import Relational Metadata

Specifies that a group can import relational metadata into a Framework Manager or Dynamic Cube Designer project using dynamic query mode.

By default, the System Administrator, Directory Administrator, and Report Administrators groups belong to this secured function.

If other groups require the ability to import relational metadata to a dynamic query mode project they must be added to the capability. For example, if you create a Framework Manager Users group and add your Framework Manager users to that group, you also need to add the group to the Import relational metadata secured function.

Lineage

This secured function controls access to the Lineage action. Use this to view information about data or metadata items from IBM Cognos Viewer, or from the source tree in Report Studio, Query Studio, and Analysis Studio.

Manage Own Data Source Signons

This secured function controls the ability to manage data source credentials on the Personal tab in My Preferences.

Metric Studio

This secured function controls access to Metric Studio.

The secured feature associated with this function is

  • Edit View

    Use the edit features of Metric Studio to edit metric content.

Mobile

This secured function controls access to IBM Cognos Mobile.

My Data Sets

This secured function controls access to My Data Sets. Using this functionality, users can import their own data from a CSV, XLS or XLSX file into IBM Cognos Business Intelligence, create a stand-alone package for the data, and generate reports from that data.

Planning Contributor

This secured function controls access to IBM Cognos Planning Contributor and IBM Cognos Planning Analyst.

PowerPlay Studio

This secured function controls access to PowerPlay Studio.

Query Studio

This secured function controls access to the Query Studio, which you use to create simple, ad hoc reports.

The secured feature associated with this function is

  • Create

    Create new reports and use the Save as option for new reports and custom views.

  • Advanced

    Use advanced authoring features, such as creating complex filters, formatting style, and multilingual support.

Report Studio

This secured function controls access to the Report Studio user interface and to the underlying report execution functionality. Users need execute permissions on this secured function to access the Report Studio user interface. Traverse or read permissions on this secured function might be needed to use the associated secured features, for example, to run reports created with custom SQL or embedded HTML.

The secured features associated with this function are:

  • Allow External Data

    Users can use external data in reports.

  • Bursting

    Users can author and run burst reports.

  • Create/Delete

    Users can create new reports, use the Save as option for new reports and report views, and change models.

  • HTML Items in Report

    Users can use the HTMLItem button and hyperlink elements of the report specification when authoring reports.

  • User Defined SQL

    Users can edit the SQL statements directly in the query specification and run the query specifications that contain the edited SQL statements.

    Tip: Restrictions on who can use this feature are not enforced in Framework Manager. For example, a Framework Manager user who does not have User Defined SQL rights in IBM Cognos Administration can still create a query subject and use manually created SQL queries to search a database.

Scheduling

This secured function controls access to the scheduling functionality for items that can be run, such as reports.

The secured features associated with this function are

  • Schedule by day

    Users can schedule entries daily.

  • Schedule by hour

    Users can schedule entries by the hour.

  • Schedule by minute

    Users can schedule entries by the minute.

    If a user is denied access to the Schedule by minute capability, 'by minute' scheduling is also denied for other capabilities that allow 'by minute' scheduling, for example, the Schedule by month capability.

  • Schedule by month

    Users can schedule entries monthly.

  • Schedule by trigger

    Users can schedule entries based on a trigger.

  • Schedule by week

    Users can schedule entries weekly.

  • Schedule by year

    Users can schedule entries yearly.

  • Scheduling Priority

    Users can set up and change the processing priority of scheduled entries.

Self Service Package Wizard

This secured function controls the ability to select which data sources can be used to create a package. For more information, see Select Which Data Sources Can Be Used to Create a Package.

Set Entry-Specific Capabilities

This secured function specifies that a user can set up capabilities at an entry level.

The Capabilities tab appears in the Set properties pages for packages and folders for users who have this capability and who have set policy permissions for the entry or who own the entry.

Specification Execution

This secured function specifies that a user or Software Development Kit application can use an inline specification.

IBM Cognos BI studios and some services use inline specifications internally to perform tasks. The service running the specification tests a number of capabilities to ensure that the user is entitled to use the inline specification. For more information, see the runSpecification method in the Developer Guide.

This capability is required to author Data Manager tasks.

Watch Rules

This secured function controls access to the Rules tab in My Watch Items in IBM Cognos Connection. Use this secured function to create and run watch rules.

Related tasks:
Restricting searches of IBM Cognos content