Cognos Controller 10.1
All users have access to all in Cognos Controller even due they should not because the users are entered and the security groups are created and applied inside Cognos Controller.
Only the ADM user can inside Cognos Controller active or deactivate the Security System, from inside the dialog Maintain -Rights -users.
When Cognos Controller is using Cognos BI authentication, the CAM users, then the first person to login to Cognos Controller at a new installation become the internal ADM user in Cognos Controller.
Other persons you add to Cognos Controller as Group Administrators can change users rights in the system, but not active Cognos Controller to use the Security settings.
Log in to Cognos Controller as the ADM user.
This is the person that is shown as ADM user in MAINTAIN - RIGHTS -USERS dialog.
Go to MAINTAIN - RIGHTS -USERS dialog
In the lower left corner mark "Security Systems Enabled"
Click on SAVE icon
Exit Cognos Controller Client.
Recommended to do this the first time you login to Cognos Controller as ADM.
A person in Cognos Controller that is Group Administrator ( and part of the Cognos connection group controller administrators) can do all changes and security changes in the Cognos Controller application except only this on ( mark the "Security Systems Enabled").