topic Re: Basic User Permissions: how do I restrict users with permissions in Administration and Deployment

Basic User Permissions: how do I restrict users with permissions

wjsnyder — Tue, 05 Jul 2016 22:47:30 GMT

Hello,

I am new application administrator at my institue and have been told I will be working with our SAS softwar. I have two co-workers who have been at the institue through the first phase (SAS is brand new to our institue) of installation SAS. Currenlty the tech that our institue talking with is helping a department set up an appropriate file structure. What I am trying to wrap my head around are the user permissions. We currenlty are using PUBLIC type users that receieve their sign on from our Active Directory. Problem I am running into is every one can see every one else's folders and information. I have looked over several documents but can't wrap my head around the permissions.

These are the doucuments I have been looking at. We are using SAS Managment Console 9.4

1. http://support.sas.com/documentation/cdl/en/bisecag/67045/HTML/default/viewer.htm#p03h42tf0s7ogyn1pqtsesbu3xuk.htm

2.http://support.sas.com/documentation/cdl/en/bisecag/67045/HTML/default/viewer.htm#p0soxnjm1vtia9n10f9n7ll0ptnr.htm

3.http://support.sas.com/documentation/cdl/en/bisag/68240/HTML/default/viewer.htm#n0sopkld74t0wyn1b3wrkjpylddn.htm

4.http://support.sas.com/documentation/cdl/en/bisecag/67045/HTML/default/viewer.htm#n1gwrrpfx9ujqun17syl8yknhgy0.htm

5.http://support.sas.com/documentation/cdl/en/mcsecug/64770/HTML/default/viewer.htm#n1onkjqqkpz6fin1k0rnufxp57ie.htm

I have found that Roles allow me to limit groups or user to which applications they can see be I don't understand how I can limit groups into seeing only certain folders.

If someone could assist me into breaking this infromation down to more easily digestable information or provide me with an example of how do I make one person not be able to look at another person's file that would be great.

Thanks!

Re: Basic User Permissions: how do I restrict users with permissions

JuanS_OCS — Wed, 06 Jul 2016 07:50:14 GMT

Hi,

probably you are giving too many permissions to the SASUSERS or PUBLIC groups.

http://support.sas.com/documentation/cdl/en/bisecag/67045/HTML/default/viewer.htm#n0pt0r7u55rqu2n1cdu2wvt47j78.htm

- PUBLIC should have deny on all the metadata. (on the Default ACT would make life much easier to you).

- SASUSERS should have allow read metadata by default (on the Default ACT), the other permissions should be denied.

- Then, on the folders, SASUSERS and PUBLIC should have Denied all.

- Ensure the SAS Administrators have full permissions on each folder.

- Ensure the SAS System Services can have the required permissions: SAS System Services group a grant of ReadMetadata permission on the folders.

- Then provide the required permissions to groups on the root folders.

- Deny the permissions to groups should not access on the root folders.

And again, if you can implement this with ACTs, this is a bit more time in the begining, it requires some design, but afterwards your life will be easier 🙂

http://support.sas.com/documentation/cdl/en/bisecag/63082/HTML/default/viewer.htm#p0vhii6t8n64a0n154l3db92mp0w.htm

http://support.sas.com/documentation/cdl/en/bisecag/61133/HTML/default/viewer.htm#a003271263.htm

I hope this can help you a bit.

Re: Basic User Permissions: how do I restrict users with permissions

JuanS_OCS — Fri, 08 Jul 2016 11:08:50 GMT

Hi @wjsnyder,

I would like to follow up the progress of your question. Was your question resolved ?

Thank you in advance,

Best regards,

Juan

Re: Basic User Permissions: how do I restrict users with permissions

wjsnyder — Fri, 08 Jul 2016 15:28:28 GMT

Juan,

It was these references pointed me to where I need to go to be able to get a sound foundational understanding of the environment in front of me.

Thank you.

Wayne