Securing data sources
The IBM Cognos security for a data source does not override security policies that already exist for the data source. For example, for IBM Cognos cubes, the security may be set at the cube level. For Microsoft Analysis Server data sources, the security may be set using cube roles.
Depending on the data source, one or more of the following authentication methods are available:
- No authentication
IBM Cognos software logs on to the data source without providing any signon credentials.
- IBM Cognos service credentials
IBM Cognos software logs on to the data source using the logon specified for the IBM Cognos service. Users do not require individual database signons. For production environments, however, individual database signons are generally more appropriate.
- An external namespace
IBM Cognos software logs on to the data source with the credentials used to authenticate to the specified authentication namespace. The namespace must be active, users must be logged on prior to accessing the data source, and the authentication credentials used for the namespace must be relevant for the data source authentication.
If you select the Transform user identifier check box, the Cognos BI server removes the domain name from the user ID that is returned by the external namespace before establishing the database connection. The current implementation supports the user ID transformation for the following formats only:- domain_name\user_id - after transformation the user id would be user_id
- user_id@domain_name - after transformation the user id would be user_id
All data sources also support data source signons defined for the Everyone group or for individual users, groups, or roles, see Users, Groups, and Roles. If the data source requires a signon, but you do not have access to a signon for this data source, you are prompted for authentication each time you access the data source.