User authorization for Cognos folders and reports

A Custom Java Authentication Provider (CJAP) provides authorization for users who access Cognos report folders and reports. You can implement this feature after you implement the Unica Authentication Provider, which provides single sign-on authentication between Unica applications and Cognos.

Limitations of the Unica Authentication Provider

After Cognos has been configured to use the Unica Authentication Provider, users are authenticated automatically in Cognos when they access reports in an Unica application. If a user accesses the Cognos URL in the same browser session used to access Unica products, Cognos does not prompt the user to log in again.

A user who is logged in to the Cognos user interface becomes a part of the Cognos Everyone group. This is the default Cognos namespace implementation. The Everyone group in Cognos has System Administrator privileges by default. This is a security risk, because every user becomes an admin user. A malicious user can take advantage of this permission to delete or edit reports in public folders.

The Unica Authentication Provider authenticates users in Cognos, but it does not authorize them in Cognos. To correct this limitation, the CJAP implementation makes users visible in the security section of the Cognos namespace. When this is done, you can administer user roles and permissions in Cognos.

Overview of the CJAP implementation

The CJAP implementation brings all users in the Unica application who have report access into a Cognos namespace that you specify. The CJAP associates Unica users with Cognos groups based on their Unica product access. Users who have the ReportsUser role in Unica receive read-only, limited access to Cognos folders and reports. Users who have the ReportsSystem role in Unica receive administrator permission in Cognos. You can also customize groups and roles to secure custom reports and report folders in Cognos.

CJAP prerequisite

Before you implement CJAP, ensure that the Unica Authentication Provider is implemented and tested.