Symptoms

Every user running reports on our defined data set sees the same data. It appears that Changepoint security is not applied.


Reason

Cognos data sets are static sets of data that are refreshed manually or peridoically by a schedule. Changepoint security is applied when the data set is refreshed.

After the data set is refreshed, the data is the same for all users that have access to the data set. This is how it has been designed by IBM.

There is no further checking of security at user level when a report or a dashboard based on the data set is executed.

Resolution

To have Changepoint security applied for each individual user that runs a report, the report must be based on the Changepoint package and not on a data set. Basing the report on the Changepoint package ensures that a query specific for the user and security checks are built and executed every time the report is run.

There is an intermediate solution if you want to use the Cognos data set functionality. You can build a data set and then within a data module, create an inner join to an element of the Changepoint package, such as a projectid or taskid. The data returned from the package would respect the security at runtime, and when you then join to your data set, it would just show the rows of the data set to which the user has access. 

For more information about setting up a join, see the "Cognos Data Module - Join between data set and Changepoint package doesn't work" article.