topic Re: Question about SAS Roles in Administration and Deployment

Question about SAS Roles

Grumbler — Mon, 15 Jun 2015 04:31:37 GMT

can someone explain to me what exactly is SAS roles? in the management consolde, you can select users or groups to be members of a role. then what does that do?

you set the authorization only to users and groups, not roles. so not exactly clear what roles are for.

Re: Question about SAS Roles

MichelleHomes — Mon, 15 Jun 2015 04:55:59 GMT

Hi,

"Roles control the availability of application features such as certain menu items, plug-ins, and buttons. In the initial configuration, registered users have almost all non-administrative capabilities. In many cases, this is appropriate and sufficient." Roles and Capabilities were introduced in SAS 9.2 and this paper gives a nice summary overview of what SAS Roles are, how they relate to capabilities and the effect they have on some of the SAS clients. http://support.sas.com/resources/papers/proceedings10/324-2010.pdf

At the end of the paper are further resources for details. If you are after specific information on the roles, I'd suggest looking at the associated documentation in the SAS(R) 9.4 Intelligence Platform: Security Administration Guide, Second Edition or in the Security Admin Guide for the SAS version you are using.

Kind Regards,

Michelle

Re: Question about SAS Roles

AndrewHowell — Mon, 15 Jun 2015 06:42:35 GMT

Hi Grumbler,

A role is collection of capabilities - the easiest way to envisage roles is to control menu options in the various role-enabled SAS applications.

For example:

you may want the Reporting user group to have access to the reporting features of Enterprise Guide, but not the Analytics (and vice-versa)
for security reasons, you may want to restrict upload/download of local data - again an EG menu option controllable through SAS roles.

So:

Think of security as what you can access
Think of Roles as what you are allowed to do with what you access.

I hope that helps.

Regards,

Andrew.

Re: Question about SAS Roles

jakarman — Mon, 15 Jun 2015 13:54:12 GMT

Sorry Andrew, I disagree. At first SAS used the word roles for menu tailoring. Rbac role based accès control is a security principle but menu tailoring is not. The new word capabilities is better for menu tailoring. You cannot implement security by menu tailoring it is just helping not experienced users to see an overweight number of menu choices.

http://support.sas.com/documentation/cdl/en/bisecag/67045/HTML/default/viewer.htm#n0ebv8vttay59vn11b5ar2i8ewyg.htm