Enabling multitenancy

To enable Cognos® multitenancy capabilities, you set advanced authentication properties on all the computers where the Content Manager is configured, and then restart the IBM® Cognos service.

Before you begin

  • Identify how tenant information is determined for individual users in your environment. For more information, see Identify tenancy information.
  • Compile any required custom Java class files into JAR files and either place them into the c10_location/webapps/p2pd/WEB-INF/lib directory along with any associated files, or update the CLASSPATH environment variable to include the path to these files.
  • Determine whether you must apply the multitenancy settings to all configured namespaces or to individual namespaces. Multitenancy properties for a specific namespace override any multitenancy properties that are set globally. If a namespace is not configured to use multitenancy, then policies and permissions for objects are used to determine who can access the objects.

Procedure

  1. Open IBM Cognos Configuration.
  2. To configure tenancy settings globally or for individual namespaces, use the following steps:
    • To configure the tenancy information for all namespaces: In the Explorer window, under Security, click Authentication.
    • To configure the tenancy information for one namespace: In the Explorer window, under Security, click Authentication. Click the namespace that you want to configure.
  3. Click the Edit button in the Value column for Advanced properties.
  4. Click Add.
  5. Add the multitenancy properties that you need.
    The following scenarios illustrate possible combinations of the multitenancy properties:
    • To use hierarchy information, you could set the following property:
      multitenancy.TenantPattern = ~/ancestors[2]/defaultName
      Note: If you use Active Directory namespaces, you must also set the MultiDomainTree advanced property to true to map tenants to domains.
    • To use specific object attributes from your authentication provider, such as a department number (departmentNumber), you would follow these steps:
      1. Set the following advanced properties:
        multitenancy.TenantPattern = ~/parameters/parameter_name
AdditionalUserPropertiesToQuery = parameters
      2. Set the following namespace custom property:
        parameter_name = departmentNumber
    • To use a custom Java class, you would set the following property:
      multitenancy.ITenantProvider = custom_class_name
      where custom_class_name represents the name of a Java class that you created.
  6. Click OK.
  7. Test the changes. In the Explorer window, right-click Authentication, and click Test. A message showing that multitenancy is enabled appears in the log.
  8. From the File menu, click Save.
  9. Restart the IBM Cognos service for the changes to take effect.

What to do next

After multitenancy is enabled, the system administrator must set the tenancy information for the objects in the content store.

To track tenant activities, you can use a logging database. For information about creating a logging database, see the Installation and Configuration Guide.

Parent topic: Multiple Tenant Environments