Sunday, February 15, 2009

ACCESS MANAGER



ACCESS MANAGER
•Access Manager provides a centralized environment to define, store, and maintain security information for Cognos business information applications.
•In one central location, you can set up and maintain secure user access to data, such as
–cubes
–reports
•With Access Manager, you can also set up and maintain user signon information and auto-access privileges for the data sources and servers that contain the required data.

Authentication Source
An authentication source contains security information about users, user classes, and the servers and data sources that users can access.
•You store connection information about your authentication sources in a Cognos Security Administration file (.csa).

Access Manager supports the following types of authentication sources:
–a namespace on LDAP directory server
–a local authentication export file (.lae)
•Use namespaces on a directory server when you have a large number of users who are connected to the same network as the directory server.
•Use .lae files when you have users who are not connected to the same network as the directory server, such as remote users or users working offline


Configuring Authentication Sourcefor Runtime
•To set runtime authentication source,
•Click Start à Program Files à cognos8 à Tools à Access Manager Configuration wizard.
•& select appropriate option from:
–Automated: sets the authentication source based on a Cognos security administration file (.csa). –Custom: the user sets the authentication source.
–Standard: the authentication sources have already been configured, and the user only wants to select the type of authentication source to use.
–SSL Configuration: the user selects the location of the Sun ONE Certificate Database file (Cert7.db).




Authentication Source types
•The main source of authentication data used by Access Manager is a namespace on an LDAP directory server.
•You can also use local authentication export files (.lae), which enable single users to access authentication data remotely, who are not connected to the same network as the directory server.

Access Manager Namespace
•A namespace in Access Manager contains the security information for one or more Cognos applications.
•Namespaces can be stored on a directory server, or in a .lae file. Using a directory server eliminates the need to distribute separate files to each user to enforce security.

Adding a namespace

•If you create a new .lae file, it is empty & you need to add a namespace to it.
•Right click on .lae file in Authentication Information pane à add namespace
•Specify name & settings such as Sign-ons, anonymous access control, password options etc.
•Click OK.

User Classes
•User classes represent groups of users with identical authorization rights.
•Access Manager applies security at the user class level.
•You create user classes and add users to those user classes in Access Manager, & apply security within Cognos BI applications, based on the existing user classes.
•User classes are arranged hierarchically, and commonly reflect your company's organizational structure.

Public Class
•A public user class is a user class to which all users in a namespace automatically belong.
•When you add new users to a namespace, if there is a public user class, they automatically belong to it.
•This user class is carried forward into other Cognos products that recognize public user classes.
•You do not have to name the public user class "public"; you can name it anything you want.

User Class Permissions
•User class permissions specify what members of that user class can do using Access Manager Administration.
•You can allow members of a user class to view users, user classes, data sources, and servers, or create and delete users and user classes, and add data sources and servers.


Assigning a class to user
•Assigning a user to a user class gives that user all the permissions of the user class. To open an authenticated application or data source, a user must belong to at least one user class.
•If a user is a member of more than one user class, during authentication they may be prompted to select the user class that they want to use for the current session.

Set up a data source
•Data sources represent network locations where data is stored. A data source can be a database, a PowerPlay cube, or a cube stored in a database.
•Access Manager only stores connection information for each data source, not the contents of the data source




1 comment:

  1. BEAUTIFULL COLLECTION..........

    AND BEAUTIFULL BLOG...........

    SEE MY COLLECTION @

    http://funmaza-jazzy.blogspot.com/

    ReplyDelete