Inherited security is common in IBM Cognos environments. However, this inheritance can be altered as security permissions are updated over the life of the environment. When security inheritance becomes incorrect, users can end up with either too little access or too much access, both of which can be very bad for Cognos administrators. Fortunately, MetaManager™ comes with the ability to review and fix inherited security policies.
To review the security inheritance of an object, select the object in the MetaManager™ portal tree. For this example, we will select a folder.
Once selected, you will be presented with a dialogue box showing the security inheritance of the object you selected. This will include all the ancestors and descendants for the selected object. Any object that is grayed out is inheriting security from its parent. Any object not grayed out is not inheriting security. For this example, we can see that the Management folder is not inheriting security.
Unfortunately for this environment, the Management folder should be inheriting its security from its parent. This can easily be fixed directly from this dialogue box by selecting the Management folder and then clicking the “Reset permissions to inherit on selected item…” option. This will force this object to inherit security from its parent.
The dialogue box now shows this folder grayed out, so we know that it is properly inheriting its permissions again.
The other option you may have seen is the “Reset permission to inherit on all descendants…” option. This is used to force all descendants to inherit permissions from their parent. Using this option saves you from having to select each object individually and force the inheritance.
An example of this option would look something like this: right-click the Management folder and select the Review Security Inheritance option. Once selected, the dialogue box now shows that all the descendants of the Management folder are not inheriting security from it.
To fix this, you can select the Management folder and click the “Reset permission to inherit on all descendants…” option. This forces all the descendants of the Management folder to once again inherit their permissions from this folder.
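The following added example is a simplified Python model of the review and the two reset options described above; it is not MetaManager™ or Cognos code. The `Node` class, the function names, and every object name and permission other than the Management folder are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Node:
    name: str
    policy: Optional[dict] = None      # None means "inherit from parent" (grayed out)
    parent: Optional["Node"] = None
    children: list = field(default_factory=list)

    def add(self, child):
        child.parent = self
        self.children.append(child)
        return child

def ancestors(node):
    out = []
    while node.parent is not None:
        node = node.parent
        out.append(node)
    return out[::-1]                   # root first

def descendants(node):
    for child in node.children:
        yield child
        yield from descendants(child)

def review(node):
    """Rows of (name, inherits?) for ancestors, the selected object, descendants."""
    return [(n.name, n.policy is None)
            for n in [*ancestors(node), node, *descendants(node)]]

def effective_policy(node):
    """Walk up to the nearest object that carries its own policy."""
    while node.policy is None and node.parent is not None:
        node = node.parent
    return node.policy or {}

def reset_selected(node):
    node.policy = None                 # explicit policy on this object is discarded

def reset_descendants(node):
    changed = [d.name for d in descendants(node) if d.policy is not None]
    for d in descendants(node):
        d.policy = None
    return changed                     # names whose explicit policies were dropped

def build_sample():                    # constructed sample tree
    root = Node("Public Folders", {"Everyone": {"read"}})
    mgmt = root.add(Node("Management", {"Managers": {"read", "write"}}))
    mgmt.add(Node("Budget Report", {"Everyone": {"read", "write"}}))
    mgmt.add(Node("Headcount Report"))
    return root, mgmt
```

Comparing `effective_policy` on a descendant before and after each reset shows which access the reset removes or grants, which is worth checking before applying it to a large subtree.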