Configure the IBMConnectionsMetricsAdmin role in Cognos® Business Intelligence to ensure that the Metrics administrator has access to features and reports.
Before you begin
The default custom authentication provider is configured automatically in Cognos during installation and configuration. When configuring the IBMConnectionsMetricsAdmin role, you must be logged in using the Cognos administrator account specified during Cognos installation. If the Cognos administrator cannot view and add other users, consult your LDAP administrator.
Note: After completing this configuration, all users who can access the global metrics also become administrators of Cognos BI. If you are concerned about Cognos security control, perform the following steps so that these Metrics users can view global metrics but do not have administrator rights for Cognos.
- Perform steps 3 through 7 to add the global metrics users who do not need administrator rights to the IBMConnectionsMetricsReader role instead.
- Repeat step 8 to remove these users from the member list of the IBMConnectionsMetricsAdmin role.
About this task
After you have configured LDAP authentication for Cognos Business Intelligence, you must configure the IBMConnectionsMetricsAdmin role so that specified LDAP users can access Cognos features. In particular, you will want to add the following users to this role:
- The user assigned to the Cognos administrator account
  The Cognos administrator is the primary person responsible for configuring Cognos features and reports.
- All users who have been assigned to the admin role for Connections
  Anyone tasked with administering the Connections deployment should have access to Cognos features to ensure they can manage the full deployment as needed.
- All users who have been assigned to the metrics-report-run role
  Users who have been authorized to run global metrics reports require access to Cognos before they can work with the reports. You can also add these users to the IBMConnectionsMetricsReader role instead, if you do not want the users to become administrators of Cognos BI.
Procedure
- Set cognos.admin.username as an administrator for WebSphere Application Server as follows:
  Note: This setting should have been configured automatically by the Cognos Installation Wizard. Check the setting in the Deployment Manager (DM) Console. Only perform the following steps if the Cognos administrative user cannot be found in the Administrator role of DM.
  cognos.admin.username is a substitution variable, not a literal string that you need to add. The actual string is the variable's value set in the cognos-setup.properties file. To find the path to that file, inspect the COG_ROOT WAS environment variable.
  - Start the Deployment Manager (DM) and then log into the DM.
  - Click and then click Add.
  - Select Administrator from Roles and then search for the user cognos.admin.username, which is specified in the cognos-setup.properties file.
  - Select the target user and click the move button to move the user name to the Mapped to role field.
  - Click OK and then click Save.
  - Log out of the DM.
  - Restart the DM and the nodes.
  - Restart Cognos server.
  - Log into the DM using cognos.admin.username. Make sure the user cognos.admin.username can search for users and groups in WebSphere Application Server Integrated Solutions Console.
- Use a browser to navigate to the Cognos deployment with the following address: http://Host_Name:Port/Context_Root/servlet/dispatch/ext
  where:
  Host_Name is the fully qualified host name of the Cognos server; for example, host.example.com. This value is specified in the was.fqdn.hostname property in the cognos-setup.properties file used for installing the server.
  Port is the port that the Cognos server is listening on. To find the port, in the Integrated Solutions Console, navigate to and locate the value of WC_defaulthost.
  Context_Root is the context root to which you installed the Cognos server; for example, cognos. This value is specified in the cognos.contextroot property in the cognos-setup.properties file; its default value is "cognos".
- Log in to Cognos using the Cognos administrator account that you set up previously.
- On the next page, click Launch and then select IBM Cognos Administration.
- Select the Security tab.
- On the Directory page, select Cognos from the list.
- Add users to the IBMConnectionsMetricsAdmin role:
  - Locate the IBMConnectionsMetricsAdmin role and click the More button that follows it.
    By default the list displays 15 roles at a time. To see more roles, use the arrow keys to scroll through the list or edit the number of entries displayed at one time.
  - Click the Set properties icon.
  - In the properties window, click the Members tab, and then click Add.
  - In the Add window, click Show users in the list.
  - From the Directory list, select the directory named with the value specified in cognos.namespace in the cognos-setup.properties file.
  - Select all users who require administrator access to Cognos Business Intelligence, and click Add to add them to the role.
    Use the Search button to search for a particular user. Remember to add at least the following users:
    - The Cognos administrator
    - All Connections administrators
    - All users assigned to the metrics-report-run role
    Note: If a folder icon displays next to a user's name and you cannot select that user, this may indicate that Cognos is treating the user as a folder instead of as a user. For instructions on correcting this problem, see Troubleshooting the Cognos BI Server.
  - Click OK to save the change.
- Limit access to the System Administrators role by removing Everyone from the members list:
  - Back in the Cognos roles list, locate the System Administrators role and click the More button that follows it.
  - Click the Set properties icon.
  - In the properties window, click the Members tab.
  - In the Members window, select Everyone, and then click Remove to delete it from the list of members.
  - Click OK to save the change.
- Disable anonymous access for the Cognos BI server using the Cognos Configuration tool as follows:
  Note: If your AIX® or Linux™ server does not support a graphical user interface, refer to the sample in Configuring HTTP manually for Cognos BI Server to see how to modify the Cognos configuration setting without a graphical user interface by editing the cogstartup.xml file.
  - Navigate to the /bin64 subdirectory of the Cognos BI Server installation directory, for example:
    - AIX or Linux: /opt/IBM/Cognos64/bin64/
    - Windows™: C:\COG_ROOT\Cognos\bin64
  - Start the Cognos Configuration tool by running the following command:
    - AIX or Linux: ./cogconfig.sh
    - Windows: cogconfigw.exe
  - Expand to set Allow anonymous access? to False.
  - Click .
  - Exit the Cognos Configuration tool, making sure to select No at the following prompt:
    The service 'IBM Cognos' is not running on the local computer. Before you can use it your computer must start the service. Do you want to start this service before exiting?
- Restart Cognos server.
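
To confirm the anonymous-access step on a server without a graphical interface, the following added example (not IBM's code) reads cogstartup.xml and reports every namespace instance where anonymous access is not explicitly false. The parameter name allowAnon, the element layout and the sample XML are assumptions constructed for illustration; compare them with your own cogstartup.xml before relying on the result.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample, not a real cogstartup.xml. The parameter name "allowAnon",
# the element layout and the namespace URI are assumptions for illustration.
SAMPLE = """<crn:parameters xmlns:crn="urn:example:crn"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <crn:instance name="Cognos" class="Cognos">
    <crn:parameter name="allowAnon">
      <crn:value xsi:type="xsd:boolean">true</crn:value>
    </crn:parameter>
  </crn:instance>
</crn:parameters>"""


def _local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def anonymous_access(xml_text, param="allowAnon"):
    """Map each instance name to True, False, or None (missing or unparseable value)."""
    state = {}
    for inst in ET.fromstring(xml_text).iter():
        if _local(inst.tag) != "instance":
            continue
        for p in inst:
            if _local(p.tag) == "parameter" and p.get("name") == param:
                value = next((c for c in p if _local(c.tag) == "value"), None)
                text = (value.text or "").strip().lower() if value is not None else ""
                state[inst.get("name")] = {"true": True, "false": False}.get(text)
    return state


def findings(xml_text):
    """Return one message per problem; an empty list means anonymous access is off."""
    state = anonymous_access(xml_text)
    if not state:
        return ["allowAnon parameter not found; setting cannot be verified"]
    return [f"{name}: anonymous access is not disabled (value={value})"
            for name, value in state.items() if value is not False]


if __name__ == "__main__":
    # Pass the path to cogstartup.xml, or run with no arguments to use SAMPLE.
    text = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    problems = findings(text)
    print("\n".join(problems) or "anonymous access is disabled")
    sys.exit(1 if problems else 0)
```

A missing or unreadable value is reported as a finding rather than treated as disabled, so the check fails closed.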