Set access permissions for an entry

Setting access permissions for an entry includes creating new permissions or updating existing permissions. You can specify access permissions for all entries in IBM® Cognos® software. Some examples of such entries are reports, queries, analyses, packages, agents, metrics, namespaces, groups, users, or dispatchers. You can reference users, group and roles from different namespaces in a security policy for an entry.

If you plan to reference entries from multiple namespaces, log on to each namespace before you start setting access permissions. Otherwise, entries in namespaces to which you are not logged on are shown as Unavailable.

Entries referenced by a security policy may also be shown as Unavailable when

the entries were recently deleted from an external namespace.
IBM Cognos software has no control over the content of security providers.
the entries are associated with an external namespace that was recently deleted.
To avoid this issue, run the consistency check type of content maintenance task selecting the option References to external namespaces. Content Manager deletes entries associated with the deleted namespaces from security policies.

For more information, see Content store maintenance tasks.

To administer security, you must have set policy permissions. For more information, see Access Permissions and Credentials.

Procedure

In IBM Cognos software, locate the entry for which you want to set access permissions.
In the Actions column, click the set properties button for the entry.
In the Set properties page, click the Permissions tab.
Choose whether to use the permissions of the parent entry or specify permissions specifically for the entry:
- To use the permissions of the parent entry, clear the Override the access permissions acquired from the parent entry check box, then click OK if you are prompted to use the parent permissions. Click OK.
- To set access permissions for the entry, select the Override the access permissions acquired from the parent entry check box, then proceed to step 5.
If you want to remove an entry from the list, select its check box and click Remove.
Tip: To select all entries in the list, select the check box for the list.
To specify the entries for which you want to grant or deny access, click Add, then choose how to select entries:
- To choose from listed entries, click the appropriate namespace, and then select the check boxes next to the users, groups, or roles.
- To search for entries, click Search and in the Search string box, type the phrase you want to search for. For search options, click Edit. Find and click the entry you want.
- To type the name of entries you want to add, click Type and type the names of groups, roles, or users using the following format, where a semicolon (;) separates each entry:
  namespace/group_name;namespace/role_name;namespace/user_name;
  
  Here is an example:
  
  Cognos/Authors;LDAP/scarter;
Click the right-arrow button and when the entries you want appear in the Selected entries box, click OK.
Tip: To remove entries from the Selected entries list, select them and click Remove. To select all entries in the list, select the check box for the list. To make the user entries visible, click Show users in the list.
For each entry in the list, in the box next to the list, select or clear check boxes to specify what type of access you want to grant or deny.
Click OK.
In the Permissions column, an icon appears next to the user, group, or role. This icon represents the type of access granted or denied to the entry.
If you want to remove access permissions that were previously set for the child entries so that the child entries can acquire permissions set for this entry, in the Option section, select the Delete the access permissions of all child entries check box.
This option appears only with entries that are containers. You can use it to restrict access to a hierarchy of entries.

Warning: Select this option only when you are certain that changing access permissions of the child entries is safe.
Click OK.