Configuring the IBMConnectionsMetricsAdmin role on Cognos®
Configure the IBMConnectionsMetricsAdmin
role
in Cognos® Business Intelligence
to ensure that the Metrics administrator has access to features and
reports.
Before you begin
The default custom authentication provider is configured
automatically in Cognos® during
installation and configuration. When configuring the IBMConnectionsMetricsAdmin
role,
you must be logged in using the Cognos® administrator account specified
during Cognos installation. If the Cognos® administrator
cannot view and add other users, consult your LDAP administrator.
- Perform steps 3 through 7 to add the global metrics users who do not need to have administrator
rights to the
IBMConnectionsMetricsReader
role instead. - Repeat step 8 to remove these users from the member list of
IBMConnectionsMetricsAdmin
role.
About this task
IBMConnectionsMetricsAdmin
role
so that specified LDAP users can access Cognos® features. In particular, you will want
to add the following users to this role:- The user assigned to the Cognos® administrator account
The Cognos® administrator is the primary person responsible for configuring Cognos® features and reports.
- All users who have been assigned to the admin role for Connections
Anyone tasked with administering the Connections deployment should have access to Cognos® features to ensure they can manage the full deployment as needed.
- All users who have been assigned to the metrics-report-run role
Users who have been authorized to run global metrics reports require access to Cognos before they can work with the reports. You can also add these users to
IBMConnectionsMetricsReader
role instead, if you do not want the users to become administrators of Cognos BI.
Procedure
- Set cognos.admin.username as an
administrator for WebSphere® Application
Server as follows:Note: This setting should have been configured automatically by the Cognos Installation Wizard. Check the setting in the Deployment Manager (DM) Console. Only perform the following steps if the Cognos administrative user cannot be found in the Administrator role of DM.cognos.admin.username is a substitution variable, not a literal string that you need to add. The actual string is the variable's value set in the cognos-setup.properties file. The path information for that file should be provided, which can be found by inspecting the COG_ROOT WAS environment variable.
- Start the Deployment Manager (DM) and then log into the DM.
- Click Add. and then click
- Select Administrator from Roles and then search for the user cognos.admin.username, which is specified in cognos-setup.properties file.
- Select the target user and click the move button to move the user name to the Mapped to role field.
- Click OK and then click Save.
- Log out of the DM.
- Restart the DM and the nodes.
- Restart Cognos® server.
- Log into the DM using cognos.admin.username. Make sure the user cognos.admin.username can search for users and groups in WebSphere® Application Server Integrated Solutions Console.
- Use a browser to navigate to the Cognos® deployment with the following address: http://Host_Name:Port/Context_Root/servlet/dispatch/ext
where:
Host_Name
is the fully qualified host name of the Cognos® server; for example, host.example.com. This value is specified in thewas.fqdn.hostname
property in the cognos-setup.properties file used for installing the server.Port
is the port that the Cognos® server is listening on. To find the port, in the Integrated Solutions Console, navigate to and locating the value of WC_defaulthost.Context_Root
is the context root to which you installed the Cognos® server; for example,cognos
. This value is specified in theognos.contextroot
property in the cognos-setup.properties file; its default value is "cognos".
- Log in to Cognos® using the Cognos® administrator account that you set up previously.
- On the next page, click Launch and then select IBM Cognos Administration.
- Select the Security tab.
- On the Directory page, select Cognos from the list.
- Add users to the
IBMConnectionsMetricsAdmin
role: - Limit access to the
System Administrators
role by removingEveryone
from the members list:- Back in the Cognos® roles list, locate the System Administrators role click the More button that follows it.
- Click the Set properties icon.
- In the properties window, click the Members tab.
- In the Members window, select Everyone, and then click Remove to delete it from the list of members.
- Click OK to save the change.
- Disable the anonymous access for Cognos® BI server using the Cognos® Configuration tool as follows:
Note: If your AIX® or Linux™ server does not support a graphical user interface, refer to the sample in Configuring HTTP manually for Cognos® BI Server to see how to modify the Cognos® configuration setting without a graphical user interface by editing the cogstartup.xml file.
- Navigate to the /bin64 subdirectory of the Cognos® BI Server installation
directory, for example:
- AIX® or Linux™: /opt/IBM/Cognos64/bin64/
- Windows™: C:\COG_ROOT\Cognos\bin64
- Start the Cognos® Configuration
tool by running the following command:
- AIX® or Linux™: ./cogconfig.sh
- Windows™: cogconfigw.exe
- Expand Allow anonymous access? to False. to set
- Click .
- Exit the Cognos® Configuration
tool, making sure to select No at the following
prompt:
The service 'IBM Cognos' is not running on the local computer. Before you can use it your computer must start the service. Do you want to start this service before exiting?
- Restart Cognos® server.
- Navigate to the /bin64 subdirectory of the Cognos® BI Server installation
directory, for example: