1 Access Manager

Access Manager provides a centralized environment to define, store, and maintain security
information for Cognos business information applications.
In one central location, you can set up and maintain secure user access to data, such as cubes
and reports that are created in other Cognos applications. With Access Manager, you can also
set up and maintain user sign on information and auto-access privileges for the data sources
and servers that contain the required data.

You must use Access Manager with:

• Architect
• Cognos Query
• Upfront
• Impromptu Web Reports
• Visualizer
• NoticeCast

You can choose to use Access Manager with:

• Impromptu
• PowerPlay
• Transformer

You should plan your security strategy and implement it in Access Manager before you start
using other Cognos products. First, you must identify and create users. Then you must decide
how you want to group users with similar needs for access to information, and give them
memberships in user classes. These user classes are given access privileges to the required
application servers, such as PowerPlay Enterprise Server and Transformer Server, and data
sources, such as Oracle, Sybase, and local cubes.

After you set up your security information in Access Manager, you apply that information in the
Other Cognos products.

1.1 Configuring Access Manager

Follow steps mentioned in the document attached below for Configuring Cognos Access
Manager.

"Configuring Access
Manager.doc"

1.2 Creating User Class Structure Via a Macro

The following macro can be used to create your user class structure in Access Manager.
In order for the macro to work, the Namespace, Administrator signon, and password must
be changed.

Sub Main

Dim objAuthApp as Object

Dim objAuthDoc as Object
Dim objRootClass as Object
Dim objUserClass as Object
 '*** Create and log into the object ***
Set objAuthApp = CreateObject("Authenticator2.Application")
Set objAuthDoc = objAuthApp.Documents.OpenWithBasicSignon("Namespace", _
"Administrator", "password", 0)

'*** Sets the Root User Class as the Parent and adds a child class ***
Set objRootClass = objAuthDoc.RootUserClass
Set objUserClass = objRootClass.UserClasses.add("NewUserClass")

'*** Creates two new classes UNDER the child class from previous step ***
objUserClass =
objRootClass.UserClasses("NewUserClass").UserClasses.add("NewClass_sub1")
objUserClass =
objRootClass.UserClasses("NewUserClass").UserClasses("NewClass_sub1").
UserClasses.Add_
("NewClass_sub2")

objAuthApp.Quit

End Sub

In the above example, three new user classes are created at various levels beneath the
Root User class. Assuming that there were no pre-existing user classes, the resulting
hierarchy would look like this:

- RootUser Class
- NewUserClass
- NewClass_sub1
- NewClass_sub2

1.3 Delegated Administration in Access Manager

Access Manager in Cognos Series 7 enables you to set up delegated administration.
Delegated administration allows you to give a user class the ability to either fully
administer the authentication source or just a particular branch of the Namespace.
For more description on delegated administration, refer to the document attached below.

"Delegated
Administration in Access Manager.doc"

1.4 Exporting Namespace Content To .lae File

The following macro script offers a method for easily exporting the contents of a
namespace in your
directory server to an .lae file. This can be used to create backups of your security
information.

Sub Main()
 '* declare program variables
Dim objAuthApp As Object
Dim objLAEConfig As Object
Dim objDSConfig As Object
Dim laef

'*Open an LAE file with the name ByUser[current year]-[currentmonth]-

[currentday].lae

laef = "C:\Temp\Backup-" & Year(Now) & "-" & Month(Now) & "-" &
Day(Now) & ".lae"

''* Open Access Manager with appropriate parameters

'* The namespace used in this example is Cognos
'* The user is Administrator and the password is Admin1234
'* The top level for this example is RootUserClass

Set objAuthApp = CreateObject("Authenticator2.Application")

Set objLAEConfig = objAuthApp.LAEConfigurations.Add(laef)
Set objDSConfig = objAuthApp.DSConfigurations.Add _
("directory server name", 389, "o=Cognos,c=CA", 0)
objAuthApp.Export "Default", "Administrator", "password", True
objAuthApp.Quit
Set objLAEConfig = Nothing
Set objAuthApp = Nothing
End Sub

1.5 Integrating The security

The trusted signon plug-in software development kit (SDK) allows you to extend Access
Manager functionality so you can use your existing security infrastructure with Access
Manager.
 The document attached below explains how to create and implement the trusted signon
plug-in.

"Integrating the
security- Cognos Access Manager.pdf"

1.6 Integrating With Third Party LDAP Server

Problem Description:
Customer wants to integrate with existing LDAP compliant server (not NDS or MS Active
Directory). Can the trusted sign-on SDK be used to accomplish this? What about OLE
automation and batch maintenance?

Solution Description:
Access Manager will need a namespace of its own using NDS or AD even when we wish
to make use of an existing ldap structure from a 3rd party application.

Access Manager will need to have its own namespace on either Netscape Directory
Server or Active Directory. We will need to specify properties to be maintained by Access
Manager such as users having OS signons and to which user class(es) they belong to.
For this, you can use AccMan Batch Maintenance or OLE Automation.

The remaining information will reside on the existing ldap server where we will be able to
authenticate the user using the AccMan SDK. We cannot use AccMan Batch nor Ole
Automation to do any maintenance or modifications to any entries located on the 3rd party
ldap server.

1.7 Exporting an .ldiff to an .lae File

The following macro script offers a method for easily exporting the contents of a
namespace in your directory server to an .lae file. This can be used to create backups of
your security information.

Sub Main()

'* declare program variables

Dim objAuthApp As Object
Dim objLAEConfig As Object
Dim objDSConfig As Object
Dim laef

'* Open an LAE file with the name ByUser[current year]-[currentmonth]-

[currentday].lae
laef = "C:\Temp\Backup-" & Year(Now) & "-" & Month(Now) & "-" & Day(Now) &
".lae"

''* Open Access Manager with appropriate parameters

'* The namespace used in this example is Cognos
'* The user is Administrator and the password is Admin1234
'* The top level for this example is RootUserClass

Set objAuthApp = CreateObject("Authenticator2.Application")

 Set objLAEConfig = objAuthApp.LAEConfigurations.Add(laef)
Set objDSConfig = objAuthApp.DSConfigurations.Add _
("directory server name", 389, "o=Cognos,c=CA", 0)

objAuthApp.Export "Default", "Administrator", "password", True

objAuthApp.Quit
Set objLAEConfig = Nothing
Set objAuthApp = Nothing
End Sub

1.8 Single Sign On

The document attached below illustrates the Steps to SSO Enable Cognos Application.

"Single Sign On.doc"