cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
BookmarkSubscribeRSS Feed
🔒 This topic is solved and locked. Need further help from the community? Please sign in and ask a new question.
rag
Calcite | Level 5 rag
Calcite | Level 5
Go to Solution

Creating roles in SMC

Posted 11-13-2012 03:00 PM (2415 views)

Hi,

I am trying to create roles in such a way that: useradmin roles has capabilities only to user management, library admin to be able to create only libraries in smc etc...i tried to create new roles and assign on particular capability for eg: only usermanager capability iin capability tab, and then even tried to deny readmetadata to sasusers for content management role but nothing worked.... ....i even tried to add usermanagement cabaility into contributing roles tab and tried all over again but nothin.. am i really missing something here....please advice...

Thanks.

0 Likes
1 ACCEPTED SOLUTION

Accepted Solutions
PaulHomes
Rhodochrosite | Level 12 PaulHomes
Rhodochrosite | Level 12

Re: Creating roles in SMC

Posted 11-13-2012 05:38 PM (3315 views)  |   In reply to rag

Hi,

I suspect you are experiencing this because the SASUSERS group (of which everyone who has a SAS identity is an implicit member of) is, by default, a member of the "Management Console: Advanced" role which provides access to a number of plug-ins (including User Manager, Data Library Manager and Authorization Manager).  If you want to limit a subset of your users to a smaller set of plug-ins then it will be necessary to first remove SASUSERS from this role (remembering to ensure that everyone who should have access to those plug-ins still has access to them via another role or roles).  An alternative way is to edit the "Management Console: Advanced" role and remove the capabilities you don't want to provide to SASUSERS, however modifying the capability set for pre-defined roles is not a recommend approach.  Instead the recommendations are to only modify the membership of the pre-defined roles and create custom roles with appropriate memberships when you need different capability sets.

In addition to the standard SAS documentation on roles and capabilities, I would recommend having a read of an excellent SAS Global Forum 2010 paper by Kathy Wisniewski on the topic: Be All That You Can Be: Best Practices in Using Roles to Control Functionality in SAS® 9.2.

I've also wrote about tracking multiple paths to a capability in a blog post last year: Capability Reviewer Preview: who has access to a capability and how?

I hope this helps.

Cheers

Paul

View solution in original post

3 REPLIES 3
PaulHomes
Rhodochrosite | Level 12 PaulHomes
Rhodochrosite | Level 12

Re: Creating roles in SMC

Posted 11-13-2012 05:38 PM (3316 views)  |   In reply to rag

Hi,

I suspect you are experiencing this because the SASUSERS group (of which everyone who has a SAS identity is an implicit member of) is, by default, a member of the "Management Console: Advanced" role which provides access to a number of plug-ins (including User Manager, Data Library Manager and Authorization Manager).  If you want to limit a subset of your users to a smaller set of plug-ins then it will be necessary to first remove SASUSERS from this role (remembering to ensure that everyone who should have access to those plug-ins still has access to them via another role or roles).  An alternative way is to edit the "Management Console: Advanced" role and remove the capabilities you don't want to provide to SASUSERS, however modifying the capability set for pre-defined roles is not a recommend approach.  Instead the recommendations are to only modify the membership of the pre-defined roles and create custom roles with appropriate memberships when you need different capability sets.

In addition to the standard SAS documentation on roles and capabilities, I would recommend having a read of an excellent SAS Global Forum 2010 paper by Kathy Wisniewski on the topic: Be All That You Can Be: Best Practices in Using Roles to Control Functionality in SAS® 9.2.

I've also wrote about tracking multiple paths to a capability in a blog post last year: Capability Reviewer Preview: who has access to a capability and how?

I hope this helps.

Cheers

Paul

rag
Calcite | Level 5 rag
Calcite | Level 5

Re: Creating roles in SMC

Posted 11-14-2012 01:52 PM (2261 views)  |   In reply to PaulHomes

Thanks Paul, That really helped me. I saw that SASUsers was group was added to content management role but then i removed it from there and denied read metadata option for sasusers there and it looks like it worked. But will have to test and see if removing sasusers affects any user/role or anything.

Thank you much.

Ragu.

0 Likes
PaulHomes
Rhodochrosite | Level 12 PaulHomes
Rhodochrosite | Level 12

Re: Creating roles in SMC

Posted 11-14-2012 06:48 PM (2261 views)  |   In reply to rag

Glad I could help.  By the way, you don't normally need to change the metadata permissions on the roles (away from the defaults) unless you have particular requirements to do so.

suga badge.PNGThe SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment. 

Join SUGA 

Get Started with SAS Information Catalog in SAS Viya

SAS technical trainer Erin Winters shows you how to explore assets, create new data discovery agents, schedule data discovery agents, and much more.

Watch Get Started with SAS Information Catalog in SAS Viya on YouTube

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 3 replies
  • ‎11-13-2012 03:00 PM
  • 2416 views
  • 3 likes
  • 2 in conversation