Last week IBM posted details of an issue which can affect Cognos 8.4, Cognos Express 9 and TM1 9.4/9.5/9.5.1 users using Cognos. The post can be found here:
http://www-01.ibm.com/support/docview.w ... wg21445257
In a nutshell, the problem is as follows:
More specifically:Data security may be compromised for Cognos BI users authoring and reporting against Cognos TM1 data leveraging Cognos Access Manager (CAM) for User Authentication and configured with Integrated Security Mode setting of 4 or 5 in the Cognos TM1s.cfg file. This issue results from a Cognos BI user being assigned the Cognos TM1 data security definition of a previously logged-in user when these users share a similar security group profile.
There's a .pdf on the web page which gives the full details of the problem.When a Cognos BI user attempts to access Cognos TM1 data, the connection algorithm first determines whether an existing connection can be used, and looks to see if a previously logged in user with an active connection shares a CAM group definition with the designated user.
• If the algorithm finds an active connection with a matching CAM group definition, the existing connection to Cognos TM1 is shared by the designated user.
• If the algorithm cannot find a connection having the designated user’s CAM Security profile, it creates a new, uniquely defined connection to Cognos TM1.
Based on the above rules, if Jane and John both belong to the Europe groups/roles in CAM, they will share a Cognos TM1 connection.
• This algorithm does not consider the group assignments defined within the Cognos TM1 server itself; specifically, "clients" (what Cognos TM1 calls users) that are assigned to Cognos TM1 administration groups and/or Cognos TM1 native groups.