Cognos BI 10.1.1
How to move security settings from dev to prod environments ?
If you export a deployment package with only directory content “include Cognos groups and roles” and set to “replace existing entries”.
Access permissions are set to “include access permissions” and “apply to new and existing entries”
External namespaces are set to “include references to external namespaces”.
Then only User, Groups and Roles are moved in that package.
Settings for Capabilities and User Interface Profiles are not moved in that package.
If a user or groups does not exist in the new environments LDAP, then that user or group is removed from the Cognos group. It does not show up.
So you can move all user and groups settings between environments to update groups and rolls security, and this will remove any previous users in the Cognos groups. You must exist Cognos Connection and login in again to see the updates of security, after you have imported the security package.
Remember to unselect the “include data sources and connections” in your deployment or you may lose your connections with the data sources.
You need to deploy the whole content store with users to get the Capabilities and User Interface Profiles settings to come over to the new environment.
In Cognos BI 10.1.1 the folder System Administrators are merged, so any users or groups in that folder are not removed. Hopefully this save you from locking your out of the Cognos system by mistake.
This move is only recommended to do once, because it overwrites all reports and data sources.
If you want some other way of handle update of security in Cognos BI, it is recommended to create your own program with help of the Cognos SDK.