September 11, 2011 25 Comments
Hiding Cognos Connection Elements
By default Cognos offers a ride range of UI options. Based on the group or role you can programmatically decide who can see which UI Elements. A simple modification of the system.xml file is all that is needed to take care of this.
The Admin and Security guide, which can be found in the \webcontents\documentation\en\ug_cra.pdf, has an excellent article on how to accomplish this. You can also find the article online here.
The full list of elements that you can hide can also be found in the guide, or online here.
While those links are for 8.4, they are essentially identical for 8.4.1 and 10.1.
But what happens when you have a requirement to remove elements that don’t appear in the list? This is possible by modifying one of the template files that controls the structure of the portal. These files are saved as XSL files, and are easily modified using any text editor. I strongly recommend using a text editor with XML support, such as Notepad++.
Before I continue, it’s worth mentioning the following. Changing these files may be risky. A misplaced semicolon will prevent Cognos from loading, and IBM has a tendancy not to support installations that have modified the Cognos internals. These changes will also be overridden by any patches or upgrades.
Always make a backup of any files you modify. When trouble does occur and you need IBM’s help, simply switch the active files with the backup, and IBM will be none the wiser (and if the problem is fixed, you know where to look).
You should also maintain a change log of everything you do. Upgrades will replace the template files, and there may be differences between the versions. Instead of simply overwriting the upgraded version with your modified version, you should make all the changes again manually. Fortunately (unfortunately?) patches and version upgrades tend to be rare occurrences.
A brief explanation of the files to modify:
There are two primary XSL files which control the portal.
The \controls\presentation.xsl renders, among other things, the HTML behind tabs, and the rows and columns in the Public Folders/My Folders table.
The \main\presentation.xsl renders the links to the correct style sheets, the page headers, and the individual links in the Public Folders/My Folders table.
Between the two, they control the HTML between most of the objects you see on the page.
The system.xml file that contains the UI black list can be found in \templates\ps\portal\system.xml
And now the problem. The client has decided that no user, except administrators and report authors, should be able to see the Properties or More… links for any reports or folders.
First, hiding the properties.
In the \main\presentation.xsl do a search for action_properties.gif. There should be four instances of that string. Each of these instances controls the properties for a different type of object. Series 7 object, CRN object, Job and… well, I’m not entirely sure what the fourth one is for, but I’m sure it’s very important. 5 points to whoever enlightens me.
In each of these four cases the action_properties.gif is part of a xsl:call-template reference.
This statement is calling the renderActions template with values for the onclick, icon and tooltip parameters.
In order to prevent this segment from being rendered we need to add it to the “Elements you can hide” list. The code that controls items on the list is as follows:
<out:if test="not(contains($ui_black_list, 'NAME'))"> </out:if>
This will check the system.xml for an appearance of NAME in the ui_hide list. Should it appear, it will not render anything inside the code block except for users or groups listed in the show parameter. Knowing this, all that is needed to hide the properties is to add the black list code to all four appearances of the renderAction call.
In this case, I set the black list name to PROPERTIES. Now, in the system.xml simply add the following to the ui_hide param:
<PROPERTIES show ="Administrators RSUsers"/>
When you restart, only administrators and authors will be able to see the properties for any object.
Now for the More…
The technique to hide the “More…” link is almost identical.
Simply find all occurences of IDS_ACT_MORE in the same file. In my modified file all occurences appear between lines 4640 and 4722. Thanks to Notepad++’s XML support, I can see that all of these are held inside a single group.
Instead of black listing each individual appearance of the More… link, let’s try black listing the entire group.
Now to add MORE to the system.xml black list
As before, only administrators and authors will be able to see the More… link.
The following shows how folders look to normal users:
And this is what reports look like:
It’s very important to do extensive tests to ensure this meets the client needs. You could probably also reverse the black list by getting rid of the “not()” from the code. Remember that the idea behind this article is not to simply show how to hide specific elements from the Cognos Connection. It’s to show how easily it is to shape Cognos to meet your needs. The XSL sheets are there to be modified.