Hi,
probably you are giving too many permissions to the SASUSERS or PUBLIC groups.
http://support.sas.com/documentation/cdl/en/bisecag/67045/HTML/default/viewer.htm#n0pt0r7u55rqu2n1cd...
- PUBLIC should have deny on all the metadata. (on the Default ACT would make life much easier to you).
- SASUSERS should have allow read metadata by default (on the Default ACT), the other permissions should be denied.
- Then, on the folders, SASUSERS and PUBLIC should have Denied all.
- Ensure the SAS Administrators have full permissions on each folder.
- Ensure the SAS System Services can have the required permissions: SAS System Services group a grant of ReadMetadata permission on the folders.
- Then provide the required permissions to groups on the root folders.
- Deny the permissions to groups should not access on the root folders.
And again, if you can implement this with ACTs, this is a bit more time in the begining, it requires some design, but afterwards your life will be easier 🙂
http://support.sas.com/documentation/cdl/en/bisecag/63082/HTML/default/viewer.htm#p0vhii6t8n64a0n154...
http://support.sas.com/documentation/cdl/en/bisecag/61133/HTML/default/viewer.htm#a003271263.htm
I hope this can help you a bit.