Extract from “Securing the Cognos 8 Environment ”
Add or Remove Object Security within Cognos 8 Framework Manager
“Metadata security can be applied directly to objects in a project. When you add object-based security, you apply a specific user, group, or role directly to the object. You choose to make the object visible to selected users or groups. If you do not set object-based security, all objects in your project are visible to everyone who has access to the package. When you apply security to one object, all objects in the model will also have security applied to them. They will not be visible to anyone. Once you set security for one object, you need to set it for all objects. You can make every object in a main project namespace visible to selected users, groups or roles, except relationships. For example, in your project, you may have a Salary query subject. You can make the Salary query subject visible to the Managers group, and keep it hidden from everyone else.
If a user is a member of multiple user groups and an object is visible to one user group and denied to the other, the user will not have access to the object. For example, Jane belongs to two user groups: Sales and Marketing. The Sales group has access to the Products and Sales query subjects, and denied access to the Sales Forecast query subject. The Marketing group has access to Products, Sales and Sales Forecast query subjects. Jane will not have access to Sales Forecast.
When you secure an object, a package is automatically created in Framework Manager. The package name consists of an underscore (_) and the name if the secured object. These object-based packages are visible in the Explorer. You can use this package to see which objects in the project are included, hidden, or excluded from a specific user group. Every time you include that object in a package, and publish it for report
authors, the same security rules apply for that object. When you publish a package that contains secured objects, the visible objects for users are the intersection of the package definition and the object security settings. If object-based security is not used, security to a package remains unchanged.”
