IBM Cognos 10.2 Security Best Practices

3,899 views
3,380 views

Published on

Learn best practices in security for IBM Cognos version 10.2.

Published in: Technology, News & Politics
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
3,899
On SlideShare
0
From Embeds
0
Number of Embeds
46
Actions
Shares
0
Downloads
0
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

IBM Cognos 10.2 Security Best Practices

  1. 1. IBM Cognos® Security Best Practices   Wisconsin User Group, March 2014 Kirk Wiseman PerformanceG2, Inc.
  2. 2. Agenda !   Authentication versus Authorization !   Overview Cognos Security !   Best Practices !   Questions
  3. 3. Authentication vs Authorization !    Cognos  security  is  based  on  authen2ca2on  and  authoriza2on   !    Authen2ca2on  -­‐-­‐    You  are  who  you  say  you  are.   !    Authoriza2on  –  What  you  can  or  cannot  do.   !    Authen2ca2on  is  handled  by  a  3rd  party  security  tool  such  as  Ac2ve  Directory  LDAP  or    OpenLDAP   !    Authoriza2on  is  handled  through  Cognos  using  groups,  roles,  capabili2es  and    permissions    
  4. 4. Cognos Security Overview !    Namespaces   !    External  Authen2ca2on  providers  are  set  up  as  namespaces  in  Cognos   !    Cognos  Namespace     !  A  built-­‐in  namespace  that  provides  pre-­‐defined  security  entries,  including:    groups,  roles,  data  sources,  distribu2on  lists  and  contacts   !    Cannot  be  deleted   !    Cognos  groups  and  roles  are  op2onal   !    Cognos  Applica2on  Firewall  (CAF)   !    Acts  as  a  smart  proxy  for  the  gateways  and  dispatchers   !    Analyses,  Modifies  and  validates  HTTP  and  XML  requests   !    Prevents  Malicious  code  from  being  inserted   !    Turned  on  by  default  –  LEAVE  IT  ON!    
  5. 5. Cognos Security Best Practices !    Immediately  aVer  install  and  configura2on:   !  Turn  off  anonymous  access  and  enable  an  external  authen2ca2on  provider   !    Add  at  least  two  groups  of  administrators  to  the  Cognos  System  Administrator    group.   !    Remove  the  Cognos  Everyone  Group  from  Everything   !    Plan  your  security  sooner  rather  than  later   !    Plan  it  out  on  paper,  excel,  etc.  first   !    Decide  whether  you  are  going  to  u2lize  the  op2onal  Cognos  Groups  and  Roles,  Your    Authen2ca2on  provider’s  groups  or  a  combina2on  of  both.   !    Set  up  capabili2es  early   !    Create  your  folder  structure  early  and  set  permissions  using  allow   !    Use  DENY  sparingly,  if  at  all!!     !      Set  up  test  users  and  test  each  and  every  scenario.    
  6. 6. Cognos Security Best Practices !    If  se]ng  up  Single  Sign-­‐on  do  it  aVer  all  other  tes2ng  has  been  accomplished   !    If  access  is  to  be  given  outside  of  the  company’s  firewall  then  set  up  SSL   !    Set  the  Valid  domains  op2on   !    Maintain  a  security  process  document  for  your  organiza2on  
  7. 7. A little bit about Permissions !    Read   !    View  all  proper2es  of  an  entry,  including  report  specs,  report  output,  etc.   !    Write   !    Modify  proper2es  of  a  report   !    Delete  an  entry   !    Create  entries   !    Modify  reports   !    Create  new  outputs   !    Execute   !    Reports,  agents,  etc  can  be  run.       !    Data  Sources  can  retrieve  data.   !    Set  Policy   !    Read  and  modify  security  se]ngs   !    Traverse   !  The  ability  to  see  through  an  object  to  its  children.      
  8. 8. Permission Examples Ac#on   Permissions  Required   Add  an  entry   Write  permissions  for  a  parent  entry   Query  the  entry  proper#es   Read  permissions  for  an  entry   View  the  children  of  the  entry   Traverse  permissions  for  an  entry   Update  an  entry   Write  permissions  for  an  entry   Delete  an  entry   Write  permissions  for  an  entry,  and  write  permissions  for  a   parent  entry   Copy  an  entry   Read  permissions  for  an  entry  and  any  child  entries,  traverse   permissions  for  all  of  the  children,  and  write  and  traverse   permissions  for  the  target  parent  entry   Move  an  entry   Read  and  write  permissions  for  an  entry,  write  permissions   for  both  the  source  parent  entry  and  the  target  parent  entry,   and  traverse  permissions  for  the  target  parent  entry  
  9. 9. 9/2/09   Questions?
  10. 10. Connect with us !  Call us: 877.742.4276 !    Email us: training@performanceg2.com, info@performanceg2.com !    Visit our web site: performanceg2.com !    Watch our Cognos videos at: youtube.com/performanceg2 !    Follow us: twitter.com/performanceg2 !    Read our blog !    Upcoming events !  Upcoming training
  11. 11. Thank you for attending! training@performanceg2.com  

×