Set Access to a Secured Function or Feature

You set access to the secured functions and features by granting execute permissions  for them to specified namespaces, users, groups, or roles. If you set permissions for a secured feature, you must grant execute permissions for the feature and traverse permissions for its parent secured function. For example, to grant access to Report Studio and all its functionality, you grant execute permissions for the Report Studio secured function. If you want to grant access only to the Create/Delete secured feature within Report Studio, grant traverse permissions for the Report Studio secured function and execute permissions for the Create/Delete secured feature.

You must have set policy permissions to administer secured functions and features. Typically, this is done by directory administrators.

Before you start setting permissions on capabilities, ensure that the initial security settings are already changed.

Steps

1. In IBM Cognos Connection, in the upper-right corner, click Launch, IBM Cognos Administration.

2. On the Security tab, click Capabilities.

   A list of available secured functions appears.

3. Choose whether to set access for a function or for a feature:

   • To set access for a function, click the actions button  next to the function name, and click Set properties.

   • To set access for a feature, click the actions button next to the feature name, and click Set properties.

   Tip: Functions that have secured features have links.

4. Click the Permissions tab.

5. Choose whether to use the permissions of the parent entry or specify different permissions:

   • To use the permissions of the parent entry, clear the Override the access permissions acquired from the parent entry check box, and click OK.

   • To set access permissions explicitly for the entry, select the Override the access permissions acquired from the parent entry check box, and then perform the remaining steps.

6. If you want to remove an entry from the list, select its check box and click Remove.

   Tip: To select or deselect all entries in a page, click Select all or Deselect all at the bottom of the list.

7. If you want to add new entries to the list, click Add and choose how to select entries:

   • To choose from listed entries, click the appropriate namespace, and then select the check boxes next to the users, groups, or roles.

   • To search for entries, click Search and in the Search string box, type the phrase you want to search for. For search options, click Edit. Find and click the entry you want.

   • To type the name of entries you want to add, click Type and type the names of groups, roles, or users using the following format, where a semicolon (;) separates each entry:

     namespace/group_name;namespace/role_name;namespace/user_name;

     Here is an example:

     Cognos/Authors;LDAP/scarter;

8. Click the right-arrow button and when the entries you want appear in the Selected entries box, click OK.

   Tips: To remove entries from the Selected entries list, select them and click Remove. To select all entries in a list, click the check box in the upper-left corner of the list. To make the user entries visible, click Show users in the list.

9. Select the check box next to the entry for which you want to set access to the function or feature.

10. In the box next to the list, select the proper check boxes to grant execute permissions  for the entry.

11. Click Apply.

    In the Permissions column, an icon that denotes the execute permissions granted appears next to the namespace, user, group, or role.

12. Repeat steps 8 to 10 for each entry.

13. Click OK.