Hi,
Does anyone know how to create tenantID using cognos 10.2.2 sdk to enable multitenancy.
Thanks
NileshT
Hi Nilesh,
The SDK provides numerous abilities when it comes to administering tenants in Cognos. Enabling multitenancy in Cognos has, essentially, three phases beyond the normal security namespace configuration:
- telling Cognos how to get a tenant ID for a given user,
- associating a particular tenant ID with a name for that tenant (i.e. creating a tenant object), and
- assigning certain content to that tenant object so that other tenants cannot see the content.
It sounds like you are interested in information on #1 or #2, but I am not sure which, so I will give some general information on both and you can feel free to ask more specific questions based on your use case. Note that I am just giving a high level summary here and the documentation will contain significantly more detail.
Telling Cognos How to Get a Tenant ID
Telling Cognos how to get a tenant ID for a given user is primarily done in one of three ways. All three ways are configured in Cognos Configuration, which naturally means that the configuration must be duplicated on each content manager.
The first way to configure Cognos to get a tenant ID is to use an existing property on the user account in the security provider. The example used in the documentation is the user’s departmentNumber property. If the goal is to break down certain departments into tenants in the environment, this can be achieved by creating an advanced account mapping for the departmentNumber property and then using the “Pattern” option for the “Tenant ID Mapping” setting and specifying the property. It has to be formatted a certain way, so review this documentation for the specifics.
The second way to configure Cognos to get a tenant ID for a given user is similar to the first in that it uses already existing information in the security provider. This time, however, the tenant for a user will be based on the user’s hierarchical location in the security provider. The common example here would be if the user’s OU or some ancestor OU was sufficient to provide the tenant information. For example, if the security provider is broken down into a hierarchy of companies or departments, this option may be sufficient. In this case, the same “Pattern” option is used for the “Tenant ID Mapping” property, but what you enter here and for the “Account Mappings (Advanced)” setting will be different, so review this documentation for the specifics.
The third way Cognos can get a tenant ID for a user is via custom Java classes that Cognos will ask when it needs the tenant ID of a particular user called a custom tenant provider. Similar to Custom Java Authentication Providers (CJAPs), the Java code implements an interface that allows Cognos to offload the decision process for tenants to custom code that figures it out however the user likes. The ITenantProvider interface that needs to be implemented is discussed in the Custom Authentication Provider documentation.
Associating a particular tenant ID with a tenant name
To give a tenant ID on a user account any real effect, some content in the content store must be associated with that tenant. This will prevent other tenants from seeing the content, regardless of permissions granted on the particular objects to the other tenants. A tenant object’s properties that are relevant here are its name and its tenant ID.
In Cognos Analytics (Cognos 11), tenants can be created through the UI by clicking Manage > Multitenancy. However, tenant objects can also be created through the Cognos SDK and their properties, like name and tenantID, set in the same way as any other object in the content store. There is plenty of sample code available under the <Cognos root>/sdk directory that should help direct you to how to create an object of arbitrary type (like tenant) and “add” it to the content store using the content manager service, but feel free to come back with further questions after taking a look at the docs and sample code.
Assigning content to be visible only to a given tenant
If you’ve made it this far, rest easy. This part should be no problem. Assigning content to a tenant is as easy as setting the tenantID property on any BaseClass object, which is essentially every object type. Most commonly, you’ll find that users tend to set the tenant ID on a folder of content that should be restricted because the tenant ID set on a container applies to all objects that are under the container hierarchically. Again, I’m not sure if you are looking for specifics on how to update a property on an object using the Content Manager service, but the code samples mentioned above should help, along with the SDK guide on BaseClass.
Hope this information helps!
Hi,
I have gone through samples of 10.2.2 , I found Custom Authentication Provider code in that but I can’t find how to create tenant (which we manually add from Mutitenancy tab) via sdk
Can you please help me in that…
Thanks
Nilesh
Hi Nilesh,
Adding the tenant that you add through the multitenancy tab is something that is not done by custom authentication provider code, to my knowledge. The tenant object needs to be created in Cognos, which would be a function of Cognos SDK code that uses the add function of content manager. Once the object was created in content manager, of course, then content could be assigned to the tenant object and tenant verification could then begin.