QUESTION:
When trying to reorganize Cognos reports and limiting access to specific reports. Despite creating a folder, added reports then granted explicit permission to a role on the folder, i.e. execute and traverse. The permission is not working correctly. Users that are not assigned to the role are still able to access the reports.
ANSWER:
The 'Everyone group' was still assigned to the 'System Administrator' role per the 2017 installation guide, page 119 'Setting the security settings in Cognos'.
When Cognos imports user information from Changepoint, every user is given the Cognos administrator role. This procedure removes that role from all users, except for those users that have specifically been assigned the Cognos Administrator feature.
Optionally, you can grant Changepoint users the access rights to create their own portals in Cognos Workspace.
To remove the administrator role from Changepoint users
1. Sign in to Changepoint as Changepoint administrator.
2. Click Cognos > Cognos Connection.
3. Click Launch > IBM Cognos Administration.
4. Click Security, then click Cognos.
5. Scroll to the System Administrator role, and then click More.
6. Click Set Members, and select Everyone.
7. Click the Remove link.
8. Click OK