https://communities.sas.com/t5/Administration-and-Deployment/New-Role-in-Management-console-only-access-data-through/m-p/509002#M14837 <P>You might want to provide some more specific info (examples may help) so&nbsp;community members can give you more targeted assistance. e.g. which SAS version and platform is this for? Are you looking for help with access controls or just SAS roles and capabilities? It sounds like it might be a combination of several things. By role do you mean a SAS "Role" or a generic job role?</P> <P>&nbsp;</P> <P>As&nbsp;<a href="https://communities.sas.com/t5/user/viewprofilepage/user-id/13976">@SASKiwi</a>&nbsp;mentioned SAS metadata bound libraries&nbsp;may help here. You will probably also need to look at access controls in metadata (via ACTs/ACEs for groups on objects), access controls in the file system (UNIX, Linux or WIndows?) and role/capabilities in metadata (to control access to SAS application features) - a multi-layered approach.</P> <P>&nbsp;</P> <P>If your question is&nbsp;only about SAS roles and capabilities then I would suggest the following resources:</P> <UL> <LI><A href="https://documentation.sas.com/?docsetId=bisecag&amp;docsetTarget=p0izoyy5zh63k4n19lz9mlzremt9.htm&amp;docsetVersion=9.4&amp;locale=en" target="_self">Metadata Roles</A> section (and associated links) in the <EM>SAS® 9.4 Intelligence Platform: Security Administration Guide</EM>.</LI> <LI><A href="https://documentation.sas.com/?docsetId=bidaag&amp;docsetTarget=n0jklogerfgzv2n1h0spll13lnpf.htm&amp;docsetVersion=9.4&amp;locale=en" target="_self">Administering Roles</A> section in the&nbsp;<EM>SAS® 9.4 Intelligence Platform: Desktop Application Administration Guide</EM>.</LI> <LI><A href="https://documentation.sas.com/?docsetId=mcsecug&amp;docsetTarget=n0s6jxhq6hmvb3n107jastiuavn9.htm&amp;docsetVersion=9.4&amp;locale=en" target="_self">Assign Capabilities to a Role</A> section in the&nbsp;<EM>SAS® 9.4 Management Console: Guide to Users and Permissions.</EM></LI> <LI>SAS Global Forum 2010 Paper (324-2010) "<A href="http://support.sas.com/resources/papers/proceedings10/324-2010.pdf" target="_self">Be All That You Can Be: Best Practices in Using Roles to Control Functionality in SAS® 9.2</A>" by Kathy Wisniewski</LI> </UL> <P>&nbsp;</P> Wed, 31 Oct 2018 05:36:29 GMT PaulHomes 2018-10-31T05:36:29Z https://communities.sas.com/t5/Administration-and-Deployment/New-Role-in-Management-console-only-access-data-through/m-p/508800#M14828 <P>Hi SAS Admins,&nbsp;</P><P>We have a custom SAS security set up and I need to add an additional role for our organization. I need to create a role that only allows users to access and import sas datasets through libraries pointing to&nbsp;specific physical folders on our&nbsp;SAS server. I know how to create the libraries in Management console.&nbsp; I do not want to allow them any other SAS capabilities for this role (they will get those from another role). Can you please help?</P> Tue, 30 Oct 2018 16:30:51 GMT https://communities.sas.com/t5/Administration-and-Deployment/New-Role-in-Management-console-only-access-data-through/m-p/508800#M14828 missmindi 2018-10-30T16:30:51Z https://communities.sas.com/t5/Administration-and-Deployment/New-Role-in-Management-console-only-access-data-through/m-p/508891#M14831 <P>If you want to limit SAS users to accessing SAS data through only libraries set up in metadata and not be able to bypass metadata security by defining their own LIBNAMEs then you need to look at metadata-bound libraries:</P> <P><A href="https://documentation.sas.com/?docsetId=seclibag&amp;docsetTarget=n0tzurc8qfze0vn13z4n6j6mzz14.htm&amp;docsetVersion=9.4&amp;locale=en" target="_blank">https://documentation.sas.com/?docsetId=seclibag&amp;docsetTarget=n0tzurc8qfze0vn13z4n6j6mzz14.htm&amp;docsetVersion=9.4&amp;locale=en</A></P> <P>&nbsp;</P> <P>I suggest you read the documentation in the link carefully as setting these up is not trivial and it also requires more administration.&nbsp;</P> Tue, 30 Oct 2018 19:05:19 GMT https://communities.sas.com/t5/Administration-and-Deployment/New-Role-in-Management-console-only-access-data-through/m-p/508891#M14831 SASKiwi 2018-10-30T19:05:19Z https://communities.sas.com/t5/Administration-and-Deployment/New-Role-in-Management-console-only-access-data-through/m-p/509002#M14837 <P>You might want to provide some more specific info (examples may help) so&nbsp;community members can give you more targeted assistance. e.g. which SAS version and platform is this for? Are you looking for help with access controls or just SAS roles and capabilities? It sounds like it might be a combination of several things. By role do you mean a SAS "Role" or a generic job role?</P> <P>&nbsp;</P> <P>As&nbsp;<a href="https://communities.sas.com/t5/user/viewprofilepage/user-id/13976">@SASKiwi</a>&nbsp;mentioned SAS metadata bound libraries&nbsp;may help here. You will probably also need to look at access controls in metadata (via ACTs/ACEs for groups on objects), access controls in the file system (UNIX, Linux or WIndows?) and role/capabilities in metadata (to control access to SAS application features) - a multi-layered approach.</P> <P>&nbsp;</P> <P>If your question is&nbsp;only about SAS roles and capabilities then I would suggest the following resources:</P> <UL> <LI><A href="https://documentation.sas.com/?docsetId=bisecag&amp;docsetTarget=p0izoyy5zh63k4n19lz9mlzremt9.htm&amp;docsetVersion=9.4&amp;locale=en" target="_self">Metadata Roles</A> section (and associated links) in the <EM>SAS® 9.4 Intelligence Platform: Security Administration Guide</EM>.</LI> <LI><A href="https://documentation.sas.com/?docsetId=bidaag&amp;docsetTarget=n0jklogerfgzv2n1h0spll13lnpf.htm&amp;docsetVersion=9.4&amp;locale=en" target="_self">Administering Roles</A> section in the&nbsp;<EM>SAS® 9.4 Intelligence Platform: Desktop Application Administration Guide</EM>.</LI> <LI><A href="https://documentation.sas.com/?docsetId=mcsecug&amp;docsetTarget=n0s6jxhq6hmvb3n107jastiuavn9.htm&amp;docsetVersion=9.4&amp;locale=en" target="_self">Assign Capabilities to a Role</A> section in the&nbsp;<EM>SAS® 9.4 Management Console: Guide to Users and Permissions.</EM></LI> <LI>SAS Global Forum 2010 Paper (324-2010) "<A href="http://support.sas.com/resources/papers/proceedings10/324-2010.pdf" target="_self">Be All That You Can Be: Best Practices in Using Roles to Control Functionality in SAS® 9.2</A>" by Kathy Wisniewski</LI> </UL> <P>&nbsp;</P> Wed, 31 Oct 2018 05:36:29 GMT https://communities.sas.com/t5/Administration-and-Deployment/New-Role-in-Management-console-only-access-data-through/m-p/509002#M14837 PaulHomes 2018-10-31T05:36:29Z