Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Copyright
Copyright © 2008 Cognos ULC (formerly Cognos Incorporated). Cognos ULC
is an IBM Company. While every attempt has been made to ensure that the
information in this document is accurate and complete, some typographical
errors or technical inaccuracies may exist. Cognos does not accept
responsibility for any kind of loss resulting from the use of information
contained in this document. This document shows the publication date. The
information contained in this document is subject to change without notice.
Any improvements or changes to the information contained in this document
will be documented in subsequent editions. This document contains
proprietary information of Cognos. All rights are reserved. No part of this
document may be copied, photocopied, reproduced, stored in a retrieval
system, transmitted in any form or by any means, or translated into another
language without the prior written consent of Cognos. Cognos and the
Cognos logo are trademarks of Cognos ULC (formerly Cognos Incorporated)
in the United States and/or other countries. IBM and the IBM logo are
trademarks of International Business Machines Corporation in the United
States, or other countries, or both. All other names are trademarks or
registered trademarks of their respective companies. Information about
Cognos products can be found at www.cognos.com
This document is maintained by the Best Practices, Product and Technology
team. You can send comments, suggestions, and additions to
cscogpp@ca.ibm.com .
Contents
1. INTRODUCTION ............................................................................................ 4
1.1 PRE-REQUISITES ...................................................................................................4
2. CONFIGURING LDAP FOR THE SECURITY EXAMPLE .................................... 4
3. MODIFYING THE FRAMEWORK MANAGER MODEL....................................... 6
3.1 OPEN THE GO SALES DATA WAREHOUSE MODEL ............................................................6
3.2 CREATE THE PARAMETER MAP ...................................................................................6
3.3 APPLY THE SECURITY MAP AND SESSION PARAMETER .......................................................7
3.4 CONFIRM THE RESULT BY LOGGING ON AS DIFFERENT USERS. ............................................ 10
4. CSV.............................................................................................................. 11
4.1 CSVIDENTITYNAME AND CSVIDENTITYNAMELIST......................................................... 11
5. IBM COGNOS SESSION VARIABLES............................................................ 12
1 INTRODUCTION
We will add a security filter to a Query Subject to limit the user’s view of the
data.
1.1 Pre-requisites
• Configure an LDAP
• Add users to directory server
• Configure IBM Cognos Configuration for the LDAP Server
1 Open that instance of the directory server and Import the users from the
LDIF file named addusers.ldif using the Import Database Option
2 Browse for the addusers.ldif file. This completes the configuration of the
directory server with 7 users
Note: steps (a) and (b) must be LDAP for the script and (c) must be
(uid=${userID}) all others may vary based on the directory server creation
In this example we are going to modify the Employee detail fact Query
Subject to add security filters. This Query Subject contains sensitive
employee data (Salary, Vacation Days, Sick Days etc). We are going to
restrict the user who is signed on to see only the data applicable to his/her
employee record.
Using the Project Viewer, locate the Parameter Map Folder and select the
Create Parameter Map option from the context menu
Using the wizard name the Parameter Map Security_Map and select the
option to “Manually enter the parameter keys, and/or import them from a
file”
The definition of the Employee detail Fact Query Subject will be displayed
Click the Filters tab and then click the button to add a new filter
Create the following Filter expression using Model tab to insert the name of
the query item
([Fact data].[Employee detail fact].[Staff key]
and the Parameters tab to add
#$Security_Map{ $account.personalInfo.userName}#
Hint to see all Session values select the Session Parameters from the Project
Menu; it will display the following dialog box with the option to override the
values
To confirm the security filter works correctly log on to the FM Model and test
the Employee detail fact Query Subject using different users.
List of Users
AOrozco
ARodriguez
AWalter
ALastman
AMcCormick
AWilcox
BScott
For best results add the Staff_Name from the Staff_Dimension to the
Employee detail fact Query Subject this will validate the user name matches
the value in the Staff dimension.
4 CSV
4.1 CSVIdentityName and CSVIdentityNameList
CSVIdentityName
Syntax
CSVIdentityName ( $parameter_map_name [ , separator_string ] )
Example
#CSVIdentityName ( $security_clearance_level_map )#
CSVIdentityNameList
Returns the pieces of the user's identity (account name, group names, role names) as
a list of strings. The unique list of values is returned as a string, where each
value is surrounded by single quotes and where multiple values are separated
by commas.
Syntax
CSVIdentityNameList ( [ separator_string ] )
Example
#CSVIdentityNameList ( )#
# sq(CSVIdentityNameList( )) # as List,
Note: sq; single quote function must be added because the value returned is
a string and the ‘as’ must be used to alias the name (in this example the
column name will be aliased as the name List)
List of Users
AOrozco
ARodriguez
AWalter
ALastman
AMcCormick
AWilcox
BScott