SQL Server Backend Security Lockdown for new Cognos 10 upgrade project

Hi all.
Any assistance regarding the following would be greatly appreciated.

I have been tasked with configuring the backend SQL Server Database server(SQL Server 2008R2) for a Cognos version 8 to 10 upgrade project (from SQL Server 2000) and as I would like to apply least level access privileges, I was wondering whether anyone would be able to provide me with more information and the best way to lock down the security on the database server / databases while still ensuring that the users will be able to perform their tasks.

As this is an upgrade project, the existing security model is a mess on the production system. My aim is to only make use of Windows AD Groups wherever possible and assign permissions for the AD Groups instead of individual AD accounts and generic SQL Server Login accounts.

I have searched the internet and have found two articles: ‘Suggested Settings for Creating the Content Store in Microsoft SQL Server’ and the ‘Microsoft SQL Server Data Sources’, but am uncertain whether only applying these setting s would be sufficient enough.

I believe the business makes use of Content Manager, Framework Manager, transformer, and other data sources.

Many thanks in advance.

Hi Xyberdobs,

did you make any progress on this matter?