Troubleshooting
Problem
User launches the Controller client, and logs onto Controller with a (Windows) userID that is associated (via Cognos CAM security and Single Sign On) to the Controller user ADM.
- When logged onto Controller with this user ID, they can successfully create/edit new/existing Controller users.
However, if they launch Controller client and logon with a different (Windows) userID (for example "mydomain\JISAACS") then they get the problem
- Specifically, if they logon using a Windows user account which is associated with a different Controller userID (for example 'ADMIN2'), then they cannot create or edit Controller users (via the 'Maintain - Rights - Users...' menu).
Symptom
Cause
There are several potential causes:
- Scenario #1 - The Windows user (for example "JISAACS") associated with the 'bad' Controller user (for example "ADMIN2") is not a member of the Controller role 'Controller Administrators' (inside the Cognos security namespace).
- Scenario #2 - Controller user (for example "ADMIN2") does not have 'administrative' permissions inside Controller itself
- Scenario #3 - Controller user (for example "ADMIN2") is not a member of the 'MAIN' group
- Scenario #4 - The Controller database application is *not* configured to have 'Security enabled'
Environment
Controller configured to use 'CAM Authentication' (as opposed to the default "native" security):
In almost all cases, this means that users are logging on with their Windows Active Directory userIDs.
Resolving The Problem
Scenario #1
Add the Windows user (associated with ADMIN2) to be a member of the Cognos BI security group role Controller Administrators (as well as 'Controller Users').
Steps:
1. Launch Cognos Connection (http://servername/ibmcognos)
2. Open the section 'Security':
3. Click on 'Cognos'
4. Open the role 'Controller Administrators'
5. Add the user (for example the Windows Active Directory account which is associated with the Controller user 'ADM2') to be a member of this role.
2. Click "Maintain - Rights - Users"
3. Highlight the relevant user (for example 'ADMIN2')
4. Tick the box "User Group Administrator":
Scenario #3
1. Launch the Controller client
2. Click "Maintain - Rights - Users"
3. Highlight the relevant user (for example 'ADMIN2')
4. Ensure that they are a member of 'MAIN' user group:
2. Click "Maintain - Rights - Users"
3. Ensure that the option 'Security System enabled' is ticked:
Add the Windows user (associated with ADMIN2) to be a member of the Cognos BI security group role Controller Administrators (as well as 'Controller Users').
Steps:
1. Launch Cognos Connection (http://servername/ibmcognos)
2. Open the section 'Security':
3. Click on 'Cognos'
4. Open the role 'Controller Administrators'
5. Add the user (for example the Windows Active Directory account which is associated with the Controller user 'ADM2') to be a member of this role.
Scenario #2
1. Launch the Controller client2. Click "Maintain - Rights - Users"
3. Highlight the relevant user (for example 'ADMIN2')
4. Tick the box "User Group Administrator":
Scenario #3
1. Launch the Controller client
2. Click "Maintain - Rights - Users"
3. Highlight the relevant user (for example 'ADMIN2')
4. Ensure that they are a member of 'MAIN' user group:
Scenario #4
1. Launch the Controller client2. Click "Maintain - Rights - Users"
3. Ensure that the option 'Security System enabled' is ticked:
Related Information
[{"Product":{"code":"SS9S6B","label":"IBM Cognos Controller"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Controller","Platform":[{"code":"PF033","label":"Windows"}],"Version":"10.3;10.2.1;10.2.0;10.1.1;10.1","Edition":"Not Applicable","Line of Business":{"code":"LOB10","label":"Data and AI"}}]
Historical Number
1041127
Was this topic helpful?
Document Information
Modified date:
26 March 2020
UID
swg21367279