Securing the content store

To ensure its security and integrity, the content store is accessed by the Content Manager service using single database signon specified in IBM® Cognos® Configuration. The database signon is encrypted according to your encryption standards. However, the content store security relies not only on the IBM Cognos BI security but also on the native database security, operating system security, and network security.

For securing your database, follow these guidelines:

Secure the database and the database API using the mechanisms provided by the database, the network, and the operating system.
Assign a limited number of users to maintain the database.
Use your database native security to grant only minimum permissions to the user accounts that access the database, as follows:
- Microsoft SQL Server
  Users must have create and drop table permissions for the database. Ensure that the user account is a member of the db_ddladmin, db_datareader, and db_datawriter roles, and the owner of their default schema.
- ORACLE
  Users must have permissions to connect to the database. Also, they must be able to create, alter, and drop tables, triggers, views, procedures, and sequences, as well as insert, update, and delete data in the database tables. The permissions must be granted to the user account directly, and not through a group or role membership.
- DB2
  Users must have the create, drop table, CREATETAB, CONNECT and IMPLICITSCHEMA permissions for the database. Also, they must have USE permissions for the USER TEMPORARY tablespace and other appropriate tablespaces associated with the database.
- Sybase Adaptive Server Enterprise
  Users must have create, drop table, create default, create procedure, create rule, create table, and create view permissions for the database.
Limit the number of users who have read or write access for the Content Manager tables.
Follow other recommendations on securing the database. For information, see the database documentation.