Cognos Audit User: Read-Only to Everything

Question

We run a Cognos BI (12) instance with a somewhat complex permission structure. There's a need to add an audit user into the permission matrix with a completely new set of capabilities:

Read everything, but change nothing.

I have explored a few options in the app configuration, but couldn't find anything promising.

Has anyone had a similar need? How did you go about completing this task?

Thank you!

Answer 1

Your scenario as I understand it:

• Cognos Analytics is already configured and being used.
• Some folders and content receive inherited permissions, others use custom permissions.
• You need a new role to have the ability to traverse all folders in both Team Content and My Content and read all content (reports, data sets, data modules, etc.).

First: Not possible. In order to traverse and read My Content, the user must be an administrator.

For Team Content, the Cognos Analytics SDK may help you if you can code something up in Java that will inspect and adjust permissions on all objects. Short of that, you'll need to manually update permissions at the top and everywhere they are not inherited. I did this recently for 1200 folders containing 19000 reports and other content. It really didn't take much time. Maybe a couple of days.

Another option is to use the Cognos Analytics SDK to develop an application that provides the audit team what they need. The application will run as a Cognos Administrator, but there should be no risk if its features are limited to the business needs.

If you choose to use the Cognos Analytics SDK, be aware that there may be licensing implications. I don't use it, so I don't know or care at this time.