1

Access Manager

Access Manager provides a centralized environment to define, store, and maintain security information for Cognos business information applications. In one central location, you can set up and maintain secure user access to data, such as cubes and reports that are created in other Cognos applications. With Access Manager, you can also set up and maintain user sign on information and auto-access privileges for the data sources and servers that contain the required data. You must use Access Manager with: Architect Cognos Query Upfront Impromptu Web Reports Visualizer NoticeCast You can choose to use Access Manager with: Impromptu PowerPlay Transformer You should plan your security strategy and implement it in Access Manager before you start using other Cognos products. First, you must identify and create users. Then you must decide how you want to group users with similar needs for access to information, and give them memberships in user classes. These user classes are given access privileges to the required application servers, such as PowerPlay Enterprise Server and Transformer Server, and data sources, such as Oracle, Sybase, and local cubes. After you set up your security information in Access Manager, you apply that information in the Other Cognos products.

1.1

Configuring Access Manager

Follow steps mentioned in the document attached below for Configuring Cognos Access Manager.

"Configuring Access Manager.doc"

1.2

Creating User Class Structure Via a Macro

The following macro can be used to create your user class structure in Access Manager. In order for the macro to work, the Namespace, Administrator signon, and password must be changed. Sub Main Dim objAuthApp as Object Dim objAuthDoc as Object Dim objRootClass as Object Dim objUserClass as Object

'*** Create and log into the object *** Set objAuthApp = CreateObject("Authenticator2.Application") Set objAuthDoc = objAuthApp.Documents.OpenWithBasicSignon("Namespace", _ "Administrator", "password", 0) '*** Sets the Root User Class as the Parent and adds a child class *** Set objRootClass = objAuthDoc.RootUserClass Set objUserClass = objRootClass.UserClasses.add("NewUserClass") '*** Creates two new classes UNDER the child class from previous step *** objUserClass = objRootClass.UserClasses("NewUserClass").UserClasses.add("NewClass_sub1") objUserClass = objRootClass.UserClasses("NewUserClass").UserClasses("NewClass_sub1"). UserClasses.Add_ ("NewClass_sub2") objAuthApp.Quit End Sub In the above example, three new user classes are created at various levels beneath the Root User class. Assuming that there were no pre-existing user classes, the resulting hierarchy would look like this: - RootUser Class - NewUserClass - NewClass_sub1 - NewClass_sub2

1.3

Delegated Administration in Access Manager

Access Manager in Cognos Series 7 enables you to set up delegated administration. Delegated administration allows you to give a user class the ability to either fully administer the authentication source or just a particular branch of the Namespace. For more description on delegated administration, refer to the document attached below.

"Delegated Administration in Access Manager.doc"

1.4

Exporting Namespace Content To .lae File

The following macro script offers a method for easily exporting the contents of a namespace in your directory server to an .lae file. This can be used to create backups of your security information.

Sub Main()

'* declare program variables Dim objAuthApp As Object Dim objLAEConfig As Object Dim objDSConfig As Object Dim laef '*Open an LAE file with the name ByUser[current year]-[currentmonth][currentday].lae laef = "C:\Temp\Backup-" & Year(Now) & "-" & Month(Now) & "-" & Day(Now) & ".lae" ''* Open Access Manager with appropriate parameters '* The namespace used in this example is Cognos '* The user is Administrator and the password is Admin1234 '* The top level for this example is RootUserClass Set objAuthApp = CreateObject("Authenticator2.Application") Set objLAEConfig = objAuthApp.LAEConfigurations.Add(laef) Set objDSConfig = objAuthApp.DSConfigurations.Add _ ("directory server name", 389, "o=Cognos,c=CA", 0) objAuthApp.Export "Default", "Administrator", "password", True objAuthApp.Quit Set objLAEConfig = Nothing Set objAuthApp = Nothing End Sub

1.5

Integrating The security

The trusted signon plug-in software development kit (SDK) allows you to extend Access Manager functionality so you can use your existing security infrastructure with Access Manager.

The document attached below explains how to create and implement the trusted signon plug-in.

"Integrating the security- Cognos Access Manager.pdf"

1.6

Integrating With Third Party LDAP Server

Problem Description: Customer wants to integrate with existing LDAP compliant server (not NDS or MS Active Directory). Can the trusted sign-on SDK be used to accomplish this? What about OLE automation and batch maintenance? Solution Description: Access Manager will need a namespace of its own using NDS or AD even when we wish to make use of an existing ldap structure from a 3rd party application. Access Manager will need to have its own namespace on either Netscape Directory Server or Active Directory. We will need to specify properties to be maintained by Access Manager such as users having OS signons and to which user class(es) they belong to. For this, you can use AccMan Batch Maintenance or OLE Automation. The remaining information will reside on the existing ldap server where we will be able to authenticate the user using the AccMan SDK. We cannot use AccMan Batch nor Ole Automation to do any maintenance or modifications to any entries located on the 3rd party ldap server.

1.7

Exporting an .ldiff to an .lae File

The following macro script offers a method for easily exporting the contents of a namespace in your directory server to an .lae file. This can be used to create backups of your security information. Sub Main() '* declare program variables Dim objAuthApp As Object Dim objLAEConfig As Object Dim objDSConfig As Object Dim laef '* Open an LAE file with the name ByUser[current year]-[currentmonth][currentday].lae laef = "C:\Temp\Backup-" & Year(Now) & "-" & Month(Now) & "-" & Day(Now) & ".lae" ''* Open Access Manager with appropriate parameters '* The namespace used in this example is Cognos '* The user is Administrator and the password is Admin1234 '* The top level for this example is RootUserClass Set objAuthApp = CreateObject("Authenticator2.Application")

Set objLAEConfig = objAuthApp.LAEConfigurations.Add(laef) Set objDSConfig = objAuthApp.DSConfigurations.Add _ ("directory server name", 389, "o=Cognos,c=CA", 0) objAuthApp.Export "Default", "Administrator", "password", True objAuthApp.Quit Set objLAEConfig = Nothing Set objAuthApp = Nothing End Sub

1.8

Single Sign On
The document attached below illustrates the Steps to SSO Enable Cognos Application.

"Single Sign On.doc"