Setting access to user capabilities

You set access to the capabilities, also known as secured functions and features, by granting execute and traverse permissions for them to specified users, groups, or roles.

For example, to grant access to IBM® Cognos® Analytics with Watson - Reporting and all its functionality, you grant execute permissions for the Reporting secured function. If you want to grant access only to the Create/Delete secured feature within Reporting, grant traverse permissions for the Reporting secured function and execute permissions for the Create/Delete secured feature.

Note: A user must have execute and traverse permissions on a capability, or any of its sub-capabilities, for it to appear in the Personal menu Personal menu icon under Profile and settings > Profile > My Capabilities > View details.

Before you begin

You must have set policy permissions to administer secured functions and features. Typically, this task is done by directory administrators.

Before you start setting permissions on capabilities, ensure that the initial security settings are already specified.

Procedure

  1. In Manage, click People > Capabilities.

    A list of available secured functions appears. Some of the secured functions contain secured features that you access by expanding the secured function.

  2. For the secured function or secured feature that you want to modify, click the context menu icon Vertical actions menu icon, and then click Properties or Customize access.
  3. On the Access tab, add the users, groups, or roles that need this capability, and specify permissions for them.

    For secured features, turn on the Override parent access option. Only then you can continue with the rest of the steps.

    1. To add new users, groups, or roles to the capability, click the Add member icon add member icon, and select a namespace. Use one of the following methods to add entries:
      • In the selected namespace, click the users, groups, or roles that you want to add. To add multiple entries at once, use Ctrl-click. Click Add for the entries to be added to the capability.
      • To search for entries within the selected namespace, type text in the Search icon Find field.

        You can click the Search Method icon Properties icon to find entries that either contain, start with, or are an exact match with the text that you type, or click the Type icon Filter icon to filter either users, groups, or roles from the list of entries.

    2. For the new users, groups, or roles in the list, select the Access permission.

      This permission includes the Execute and Traverse granular permissions. Alternatively, you can select the Custom permission, and choose the required combination of granular permissions.

      Important:

      The Execute permission is always necessary when setting access to capabilities. The Traverse permission is not always required. Any other permissions depend on the user role.

    3. To remove a user, group, or role from the list, click the Remove member icon Remove member icon.
    4. To apply your changes, click anywhere on the Access tab. The newly added users, groups, or roles, with the permissions that you specified for them, appear on this tab.