topic Re: Rule to restrict reports edit for custom user group in SAS Visual Analytics https://communities.sas.com/t5/SAS-Visual-Analytics/Rule-to-restrict-reports-edit-for-custom-user-group/m-p/969833#M18816 <P>Good day,</P> <P>&nbsp;</P> <P data-start="64" data-end="173">Using explicit denials can make your security model more complex and harder to manage.</P> <P data-start="175" data-end="301">Instead, we generally recommend avoiding Prohibit rules and using selective grants to control access more effectively.</P> <P data-start="175" data-end="301">&nbsp;</P> <P data-start="303" data-end="436">Rather than denying access to a group, it's better to grant access only to the group that should be allowed to edit reports.</P> <P data-start="438" data-end="535">In SAS Viya, users have no permissions by default—they must be explicitly granted access.</P> <P data-start="438" data-end="535">&nbsp;</P> <P data-start="537" data-end="692">This documentation outlines the key concepts and includes a helpful example under the 'Example Instructions' section.</P> <P><A href="https://go.documentation.sas.com/doc/en/sasadmincdc/v_038/calatf/p0553cen37s4g6n1tlkmh8avbilu.htm" target="_blank">https://go.documentation.sas.com/doc/en/vacdc/v_019/varef/n0gvj6tc7l72t8n1e625v04x4vfb.htm</A></P> <P>&nbsp;</P> <P>Thanks</P> Fri, 27 Jun 2025 09:16:30 GMT lapent 2025-06-27T09:16:30Z Rule to restrict reports edit for custom user group https://communities.sas.com/t5/SAS-Visual-Analytics/Rule-to-restrict-reports-edit-for-custom-user-group/m-p/969802#M18814 <P>Hello,</P> <P>&nbsp;</P> <P>SAS VIYA Version LTS 2023.03</P> <P>&nbsp;</P> <P>I am trying to restrict the SAS Visual Analytics reports edit for a user group and I have created the rule bellow:</P> <P>&nbsp;</P> <TABLE border="1" width="100%"> <TBODY> <TR> <TD width="25%" class="lia-align-center"><STRONG>Object_URI</STRONG></TD> <TD width="25%" class="lia-align-center"><STRONG>Principal</STRONG></TD> <TD width="25%" class="lia-align-center"><STRONG>Setting</STRONG></TD> <TD width="25%" class="lia-align-center"><STRONG>Permissions</STRONG></TD> </TR> <TR> <TD width="25%">/SASVisualAnalytics_capabilities/edit</TD> <TD width="25%">"My_custom_group_name"</TD> <TD width="25%" class="lia-align-center">Prohibit</TD> <TD width="25%" class="lia-align-center">Read</TD> </TR> </TBODY> </TABLE> <P>&nbsp;</P> <P>&nbsp;</P> <P><SPAN>I have also kept the original rule:</SPAN></P> <P>&nbsp;</P> <TABLE border="1"> <TBODY> <TR> <TD width="25%" class="lia-align-center"><STRONG>Object_URI</STRONG></TD> <TD width="25%" class="lia-align-center"><STRONG>Principal</STRONG></TD> <TD width="25%" class="lia-align-center"><STRONG>Setting</STRONG></TD> <TD width="25%" class="lia-align-center"><STRONG>Permissions</STRONG></TD> </TR> <TR> <TD width="25%">/SASVisualAnalytics_capabilities/edit</TD> <TD width="25%"><SPAN>Authenticated Users</SPAN></TD> <TD width="25%" class="lia-align-center">Grant</TD> <TD width="25%" class="lia-align-center">Read</TD> </TR> </TBODY> </TABLE> <P>&nbsp;</P> <P><SPAN>When I tested the rule with the support of a colleagues from&nbsp;"My_custom_group_name" he was still able to enter the edit mode of the report.</SPAN></P> <P>&nbsp;</P> <P><SPAN>Can you please advise what other rules I need to add so that users cannot edit reports.</SPAN></P> <P>&nbsp;</P> <P><SPAN>Thank you,</SPAN></P> <P><SPAN>smm662002<BR />&nbsp;</SPAN></P> Thu, 26 Jun 2025 15:00:04 GMT https://communities.sas.com/t5/SAS-Visual-Analytics/Rule-to-restrict-reports-edit-for-custom-user-group/m-p/969802#M18814 smm662002 2025-06-26T15:00:04Z Re: Rule to restrict reports edit for custom user group https://communities.sas.com/t5/SAS-Visual-Analytics/Rule-to-restrict-reports-edit-for-custom-user-group/m-p/969833#M18816 <P>Good day,</P> <P>&nbsp;</P> <P data-start="64" data-end="173">Using explicit denials can make your security model more complex and harder to manage.</P> <P data-start="175" data-end="301">Instead, we generally recommend avoiding Prohibit rules and using selective grants to control access more effectively.</P> <P data-start="175" data-end="301">&nbsp;</P> <P data-start="303" data-end="436">Rather than denying access to a group, it's better to grant access only to the group that should be allowed to edit reports.</P> <P data-start="438" data-end="535">In SAS Viya, users have no permissions by default—they must be explicitly granted access.</P> <P data-start="438" data-end="535">&nbsp;</P> <P data-start="537" data-end="692">This documentation outlines the key concepts and includes a helpful example under the 'Example Instructions' section.</P> <P><A href="https://go.documentation.sas.com/doc/en/sasadmincdc/v_038/calatf/p0553cen37s4g6n1tlkmh8avbilu.htm" target="_blank">https://go.documentation.sas.com/doc/en/vacdc/v_019/varef/n0gvj6tc7l72t8n1e625v04x4vfb.htm</A></P> <P>&nbsp;</P> <P>Thanks</P> Fri, 27 Jun 2025 09:16:30 GMT https://communities.sas.com/t5/SAS-Visual-Analytics/Rule-to-restrict-reports-edit-for-custom-user-group/m-p/969833#M18816 lapent 2025-06-27T09:16:30Z