Setting security controls at the data level ensures that specific groups of users can access only specific data that falls within their purview, thereby maximizing access to sensitive data.
Framework Manager is a modeling tool for Cognos, and when the framework manager establishes the http://www.aliyun.com/zixun/aggregation/14208.html "> data model, We can establish different data security access levels for the same query object by introducing different user groups or roles to allow different groups of users to access different subsets of data for the same query object. Setting up security controls at the data level ensures that specific groups of users can access only specific data that falls within their purview, ensuring access to sensitive data to a large extent. In addition, there are many BI applications that share the same Cognos environment in Cognos deployments, so securing sensitive data is important in the practical application of Cognos.
This article discusses how to implement data-level security control in the Cognos Framework Manager model in the following four areas.
What is Congos FM data level security control
Framework Manager is a client based model modeling tool for Cognos, which is a collection of related relational objects that are used to serve one or more relational report applications. The relational model is the basis of multidimensional model.
Figure 1. Framework Manager Workflow
The content of this article will be to set the Security section.
In Framework Manager, security control is a way to control access to Cognos product data and metadata. Security is set in FM, which controls access to the contents of the selected user, group, or role.
FM security control can be divided into three kinds:
Data security
The data that is used to constrain the query object is returned and used in a specific query object. When a report developer develops a report based on this query object, it controls which data should be returned to the customer. Object security
setting allows a user to access an object directly, or to prevent a user from accessing an object, or to hide an object from some users. The object here refers to the query object, the query item, or the filter condition. Package security
The packet security inside FM refers to who has permission to use the package in Cognos Stuido (Querystudio,reportstuido, etc.), or whether there is a permission in the Cognos Connection to run a report that uses the package.
We mainly discuss data security in this article. If you are interested in other security settings, refer to the FM User Wizard.
The data security control on FM refers to the data security filtering of the query object in FM. There is a lot of data in a query object, and some business constraints specific user groups can only query the subset data of the query object, not all the data. If a user belongs to more than one group and the Groups Act on the data security filter for FM, the end-user's final data access will be a collection of permissions for all users. Instead of the intersection. For example, a user belongs to a group that can access data from the Asia Pacific region, but also a group that allows access to North American data, and the final Access data permission will be the Asia Pacific Data + North American region data.