no permission to perform operation

Planning Analytics 2.0.5
Cognos Analytics 11.0.13
Microsoft Windows 2016 server

Inside the CA11 cognos connection you have a workspace widget that link to a TM1 Application web (contributor app) that is on a secure TM1WEB server (HTTPS), and your CA11 is not, it uses HTTP. Depending on the browser used, you can get the error “no permission to perform operation”.

This can be that you have no rights in the TM1 application, but can also be that the user credentials is not brought forward to the site.

Suggested solution:
In the case when you have the servers in different domains, this can be a solution;

When the TM1 Application Server is not accepting the request at all. You can add an additional header, so that pmpsvc accepts requests from certain domains. The header is described here:

Login to tm1 server.
Open C:\Program Files\ibm\cognos\tm1_64\webapps\pmpsvc\WEB-INF\configuration\fpmsvc_config.xml in notepad++.
Find the line:

name=”X-Content-Type-Options” value=”nosniff”

Add the following after above line:

name=”Referer” value=”;”

Like this:

Restart TM1 Application Server

The setting will allow the pmpsvc URL to be called from any website within the and domain.

If a website is accessed from a HTTP Secure (HTTPS) connection and a link points to anywhere except another secure location, then the referrer field is not sent.