Security Capabilities

Securing the Integrated Version Control Feature Set

Security Capabilities for each of the products in the Integrated Control Suite^TM are located in the Integrated Control Suite^TM Secured Feature.  By default each capability is set up with access to Server Administrator, Report Administrator or Authors, depending on the capability.  Review the security policies for these capabilities, and when modifying, ensure to grant access to Execute to the group, role or account that is adding to the list.  It is also important that the “Everyone” security object has traverse access to the Integrated Control Suite^TM Secured Feature.

Administration

The user must have "execute" permission on the Administration secured feature to make changes in the Integrated Version Control^TM Administration Page. It is recommended that the defaults for this capability remain in-tact.  By default, System, Server & Report Administrators are granted access.  Instead of adding groups, roles or account to this list, it is recommended that they be mapped into the Report or Server Administration roles.

ICS Active User

The user must have "execute" permission on the My ICS Active User secured feature monitor semi-real time activity and in order to send broadcast messages to all log in users, as well targeted messages to one or more user.

ICS Deployment Manager

The user must have "execute" permission on the My ICS Deployment Manager secured feature to create, edit, and delete deployment projects.

ICS Recycle Bin

The user must have "execute" permission on the My ICS Recycle Bin secured feature view their recycle bin, restore objects, or permanently delete objects.  Users with administrative privileges for the Recycle Bin can also manage all users’ Recycle Bins.

Revert a report version

The user must have "execute" permission on the Revert Version secured feature as well as Write access to the object being displayed for the Revert Version action selection to appear on the Revision History page object’s context sensitive menu and ellipsis dropdown menu. In addition to proper access, the report cannot be checked out by another user.

Self-service deployment

The user must have "execute" permission on the Self-service deployment secured feature for the deploy action of the Revision History page to be displayed, and the deploy selection to appear on the object’s context sensitive menu and ellipsis dropdown menu in Team content.

Tag a report for deployment

The user must have "execute" permission on the Tag a report secured for deployment feature for the Tag for Deployment action to appear on the object’s context sensitive menu and ellipsis dropdown menu on its Revision History page.  In addition to proper access, at least one deployment project must be marked as public.

View archive service history

This is a legacy feature, and not available to IBM Cognos Analytics users.

View version control history

The user must have "execute" permission on the View version control history secured feature, as well as Read access to the object being viewed to view revision history. When access is granted, the View revision history action will appear in the object’s context sensitive menu in Team content, and in the ICS toolbar dropdown menu in the object’s authoring view if applicable.