IBM Cognos and Motio Best Practices Blog

Improve How You Solve Cognos Report Access Issues with Impersonation

Posted by Lisa Zavetz on Thu, Jul 28, 2016 @ 09:00 AM
Find me on:

You check your emails Friday afternoon and see that Ursula has lost the ability to see some important reports after a new release. Ursula desperately needs these BI assets available Monday morning. You can't walk over to Ursula’s office though, because she is in New York and you are in Honolulu.

You E-mail Ursula now, but it’s already after working hours in New York. You can hope that she checks her e-mails, and the two of you can pick a time to work on the issue. But your cousin’s wedding is on Saturday, so Saturday won’t work. And Sunday morning, well, you will need to recover from Saturday night.

Maybe 2:00 pm Sunday in Honolulu (8:00 pm in New York) will work! So now you have a time, how do you solve the problem? Do you screen share? Do you dare ask Ursula her password? Password sharing is a huge company policy violation (Besides, is she willing to admit her password is the name of the favorite of her cats?) Why can’t this all be easier?

Let me introduce you to Impersonation, a feature of Motio’s PersonaIQ product. Impersonation allows authorized administrators or support personnel to login to Cognos as different users. You see exactly what the user is seeing, so you can troubleshoot issues quicker and without temporary passwords or screen sharing. Impersonation also combats the frustrating back and forth of trying to explain your issue over chat or phone (this is worsened by the 8 hour time zone difference.) Additionally, Impersonation requests are fully audited, so it is a much more controlled and secure way to troubleshoot.

Back to Ursula. You can set up an impersonation rule (which authorizes you/your support personnel to use it) in Persona IQ. In this situation, we’ve set up an impersonation rule that allows one of your support personnel (Robert) to impersonate any user from the New York Branch.

Impersonate New York Branch
Robert can impersonate everybody in the group "New York Branch." Click to enlarge.

To see a demonstration of the impersonation feature, watch the webinar here.

Login as Ursula
Login to Cognos as Ursula to see Cognos exactly how she sees it. Click to enlarge.

Once the impersonation rule for the New York Branch members has been authorized for Robert, he can see Cognos the exact way that these users can. In this case, Ursula. This gives Robert the freedom to poke around for issues on his time schedule, without needing Ursula on standby.

In this example, Ursula doesn’t have the ability to view the Category Sales report for the first quarter, but can still see other assets. This leads Robert to believe there is a permission on the Category Sales Q1 report that Ursula doesn’t have access to.

Can't See Category Sales QTR 1
Ursula does not have access to "Category Sales- QTR 1." Click to enlarge.

Robert can log out of Cognos as Ursula, and back in as himself to see what permissions are set on the Category Sales- QTR 1 report. He discovers that, for some unknown reason, someone “denied permissions” to the Category Sales -QTR1 report to members of the Department Heads group

Impersonation- Give Permissions
Robert is able to ensure the New York Branch (and thus Ursula) is able to view full permissions. Click to enlarge.

Robert is able to correct the issue in Cognos. He can then log-in as Ursula, and verify that the issue is correct (before notifying her!) Robert can enjoy the weekend in Honolulu and Ursula knows it won’t be her head on the chopping block Monday morning.

See Category Sales
Click to enlarge

As you can see, Impersonation allows a Cognos support user to solve an issue without the hassle of guessing and checking. Compare this to the time consuming, “Okay, does that solve your problem?” “Can you see your data now?” cycle. The back and forth conversation has been eliminated, and you can have a stress free weekend (which is, after all, the reason you moved to Hawaii!)

Watch the Webinar Replay