IBM Cognos BI package data security
You can use the wbmUpdatePackageSecurity command to apply data security to IBM® Cognos® BI packages.
Purpose
The wbmUpdatePackageSecurity command sets Cognos cube package permissions based on users and groups. The data access permissions that were published during the initial cube package generation are overwritten by the latest Monitor data security permissions for the monitor model resource group.
Examples
- Batch mode
$AdminTask wbmUpdatePackageSecurity {-modelID modelID} - Interactive mode
$AdminTask wbmUpdatePackageSecurity {-interactive}
- Batch mode
AdminTask.wbmUpdatePackageSecurity('[-modelID modelID]') - Interactive mode
AdminTask.wbmUpdatePackageSecurity ('[-interactive]')
Permissions
- Read
- Write
- Traverse
- Set Policy
In addition, administrators have Set Policy permission.
Because all users, by default, are in the IBM Cognos BI System Administrators list, be sure to configure the IBM Cognos BI administrator user.
How access is applied
The way that access is applied depends on whether global security is on or off and if any users or groups are defined in monitor data security.
If global security is off, IBM Cognos BI packages are published without package security specified. Anyone who can access the IBM Cognos BI console can access a package.
- If no users or groups are defined in monitor data security, only the IBM Cognos BI administrator is added to the user access list of the package. Other users have no access to the package.
- If at least one user or group is defined in monitor data security, the user or group has user access (Execute, Read, Traverse, and Write permission) to the package.
- The IBM Cognos BI administrator
and users in the following IBM Cognos BI roles
have administration access (Read, Write, Traverse, and Set Policy
permission) to the package:
- Controller Administrators
- Metrics Administrators
- Planning Rights Administrators
- PowerPlay Administrators
- Report Administrators