APAR status
Closed as documentation error.
Error description
The CM.SECURITYQUERYREQUIRESREAD property does not work with OIDC namespaces. When it is set to true, users who do not have READ permissions on other users should not see those users when selecting or searching for users using "Search Directory" when sending a report by email, or in other parts of the UI. This works for namespace types like LDAP, but for OIDC namespaces it has no effect. Users in an OIDC namespace can still see or search for users they do not have READ permissions on.
Local fix
Problem summary
USERS AFFECTED:
CA users

PROBLEM DESCRIPTION:
The CM.SECURITYQUERYREQUIRESREAD property does not work with OIDC namespaces. When set to true, users that do not have READ permissions on other users should not see users when selecting or searching for users using "Search Directory" when sending a report by email, or in other parts of the UI.

This works for namespace types like LDAP, but for OIDC namespaces it has no effect. Users in an OIDC namespace can still see or search for users they do not have READ permissions on.

Test Case Steps:

1. Set advanced settings
2. Set Deny Read on LDAP namespace
3. Go to Manage credentials
4. Browse in LDAP
5. Nothing is returned
6. Do the above for OIDC
7. List of users is returned.

RECOMMENDATION:
Problem conclusion
I've added a note to the topic for 11.1 and 11.2:
* https://www.ibm.com/docs/en/cognos-analytics/11.1.0?topic=reference-content-manager-service-advanced-settings#contentManagerService_CM.SecurityQueryRequiresRead
* https://www.ibm.com/docs/en/cognos-analytics/11.2.0?topic=reference-content-manager-service-advanced-settings#contentManagerService_CM.SecurityQueryRequiresRead
Temporary fix
Comments
APAR Information
APAR number
PH50755
Reported component name
COGNOS ANALYTIC
Reported component ID
5724W12XX
Reported release
B0A
Status
CLOSED DOC
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2022-11-08
Closed date
2023-03-08
Last modified date
2023-03-08
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Applicable component levels
Document Information
Modified date:
08 March 2023