https://communities.sas.com/t5/Administration-and-Deployment/WriteMetadata-access-on-the-Foundation-repository/m-p/361483#M8727 <P>Dear Paul,</P><P>&nbsp;</P><P>&nbsp;Thank you for your answer. I agree with your explanation. I will also explore the details in the attached link and get back to you in case of any confusion. Your assumption is right. I am looking at the Authorization tab for the Foundation repository in the SAS Management Console Metadata Manager plug-in.&nbsp;In addition&nbsp;I will explain my question in detail next time.</P><P>&nbsp;</P><P>&nbsp;</P> Thu, 25 May 2017 05:44:48 GMT pbad 2017-05-25T05:44:48Z https://communities.sas.com/t5/Administration-and-Deployment/WriteMetadata-access-on-the-Foundation-repository/m-p/361472#M8722 <P>&nbsp;</P><P>Dear team,</P><P>&nbsp;</P><P>&nbsp;I&nbsp;do not agree with&nbsp;the answer supplied for the follwoing question at <A href="http://support.sas.com/certify/samples.html" target="_blank">http://support.sas.com/certify/samples.html</A>.</P><P>&nbsp;</P><P>Question 6</P><P>By default, which groups have WriteMetadata on the Foundation repository? A.PUBLIC<BR />B.SASUSERS<BR />C.ADMINISTRATORS ONLY<BR />D.SAS SYSTEM SERVICES ONLY<BR />correct_answer = "B"</P><P>&nbsp;</P><P>As per my analysis the correct answer should be "C". My answer is supported with the attached screenshot. Kindly propose your views. Thanks, Pratik</P><P>&nbsp;</P><P>&nbsp;</P> Thu, 25 May 2017 04:44:03 GMT https://communities.sas.com/t5/Administration-and-Deployment/WriteMetadata-access-on-the-Foundation-repository/m-p/361472#M8722 pbad 2017-05-25T04:44:03Z https://communities.sas.com/t5/Administration-and-Deployment/WriteMetadata-access-on-the-Foundation-repository/m-p/361479#M8725 <P>From your screenshot it looks like you are looking at the Authorization tab for the Foundation repository in the SAS Management Console Metadata Manager plug-in. That does show +WM only for the "SAS Administrators" group (and there are of course the implied unrestricted users).</P> <P>&nbsp;</P> <P>I assume that question is posing the more useful question about what are default permissions, in the abscence of any other access controls, with respect to WriteMetadata on objects <STRONG>within</STRONG> the Foundation repository, as determined by the repository ACT for the Foundation repository, which is usually named Default ACT (by default). In which case it is (B) SASUSERS. The "SAS Administrators" and "SAS System Services" groups also get +WM in Default ACT but anyone who is a member of those groups must also be an implicit member of SASUSERS too. By elimination it is also none of A, C, or D (by default).</P> <P>&nbsp;</P> <P>For more info on the (default) Default ACT see&nbsp;<A href="https://support.sas.com/documentation/cdl/en/bisecag/69827/HTML/default/viewer.htm#p0vhii6t8n64a0n154l3db92mp0w.htm" target="_self">Permission Patterns in Predefined ACTs</A> in the <EM>SAS 9.4 Intelligence Platform: Security Administration Guide</EM>.</P> <P>&nbsp;</P> <P>To be pedantic, option (c) is somewhat ambigious too as there are various types of administrators. There are unrestricted administrators (members of the "Metadata Server: Unrestricted" role and those whose userids appear with an asterisk prefix in adminUsers.txt) who would always implicitly have +WM. Then there are restricted administrators: user administrators (members of the "Metadata Server: User Administration" role) and server administrator (members of the "Metadata Server: Operation" role) of which both roles have the "SAS Administrators" group as a member by default.&nbsp; Then of course if you have other products like VA etc there are various other "administrators" groups and roles.</P> <P>&nbsp;</P> <P>I understand the confusion. I think the wording of the question could be improved for better clarity.</P> Thu, 25 May 2017 05:33:10 GMT https://communities.sas.com/t5/Administration-and-Deployment/WriteMetadata-access-on-the-Foundation-repository/m-p/361479#M8725 PaulHomes 2017-05-25T05:33:10Z https://communities.sas.com/t5/Administration-and-Deployment/WriteMetadata-access-on-the-Foundation-repository/m-p/361483#M8727 <P>Dear Paul,</P><P>&nbsp;</P><P>&nbsp;Thank you for your answer. I agree with your explanation. I will also explore the details in the attached link and get back to you in case of any confusion. Your assumption is right. I am looking at the Authorization tab for the Foundation repository in the SAS Management Console Metadata Manager plug-in.&nbsp;In addition&nbsp;I will explain my question in detail next time.</P><P>&nbsp;</P><P>&nbsp;</P> Thu, 25 May 2017 05:44:48 GMT https://communities.sas.com/t5/Administration-and-Deployment/WriteMetadata-access-on-the-Foundation-repository/m-p/361483#M8727 pbad 2017-05-25T05:44:48Z https://communities.sas.com/t5/Administration-and-Deployment/WriteMetadata-access-on-the-Foundation-repository/m-p/361485#M8728 <P>To avoid further confusion, in my comment "<EM>I think the wording of the question could be improved for better clarity</EM>" I was talking about the certification sample question and not your SAS Communities question. I could do with writing with more clarity myself <span class="lia-unicode-emoji" title=":winking_face:">😉</span></P> Thu, 25 May 2017 05:51:37 GMT https://communities.sas.com/t5/Administration-and-Deployment/WriteMetadata-access-on-the-Foundation-repository/m-p/361485#M8728 PaulHomes 2017-05-25T05:51:37Z