Securing data

You can secure data at the value level by creating security filters.

A security filter defines which users, groups, or roles have access to specific data values in a table. When the users work with dashboards, reports, or explorations that use the table, only the data that is included in the security filter is visible to them.

There are business reasons for restricting access to data at such low level of granularity. For example, you have confidential data that only specific users are allowed to see. Or, a table contains many records, and your users need only a subset of those records.

Note: When you define data security filters, the filters are applied to the data server schema and are reflected in new and existing data modules that use the schema as a source.

Before you begin

The schema metadata for the associated data server connections must be loaded, and you must have write permissions for the connections and their signons.

Tables that are based on typed-in SQL bypass security filters. To avoid potential security risks, specify the ibmcognos.typeinsqldisabled property on the data server connection that your data module is based on. If an attempt is made to create an SQL-based table after this property is specified, the table is not created. If this property is specified after an SQL-based table was created, the query execution is stopped. For more information, see Cognos-specific connection parameters.

About this task

This type of data security can be implemented only for data server sources.

Users who perform this task must belong to a role that has the Set data security feature enabled in the administration interface. Otherwise, the table context menus in the data module won't show the Set data security option that is needed to perform this task. For more information, see Customizing the user interface.

Procedure

  1. From Team content or My content, open a data module.
    The data module source must be a data server, or another source that includes data server tables.
  2. Click the Sources pane Source view icon. to expand it.
  3. Expand the data server schema to view its tables.
  4. From a table context menu, select Set data security, and click Add security definition.
  5. In the Set data security dialog box, create the filters by associating specific users, groups, or roles with columns in the table.
    1. In the Users, groups and roles pane, click the add icon Add an entry icon. In your authentication namespace, locate the users, groups, or roles for which you want to define access to the table data, and select their associated check boxes. The selected names appear in the Selected users, groups and roles pane.
    2. In the Filters pane, from the Select a column drop-down list, select one column, and click Create a filter. Specify the required filter conditions, and click OK. You can add filters for other columns in the same way. To add filters for multiple columns at once, from the Select a column drop-down menu, select the via expression editor option. Your security definition can include one or multiple filters.
    3. Specify a name for the security definition, and click OK.
    The security definition is added to the Security filters tab in the table properties. In the Sources panel, the padlock icon Secured table icon appears beside the table name.