Grating,
We have a requirement to segregate the SMC plug-in based on the SAS admin user role. For example, SAS security user can only see (User Manager) plug-in and all other should be disabled and on the other hand, the SAS server Admin user, can see only (server manager)
Is there any way to achieve this.
Regards
Hi @Saud,
As @LinusH pointed out it is with Role-based capabilities to enable this. We have a step by step description with screen shots to describe how to enable Metacoda Plug-ins in SAS Management Console at http://platformadmin.com/blogs/paul/2012/02/metacoda-security-plug-ins-role-based-access/ You may find these visual instructions useful and in step 4 is the capability tab for the SMC plug-in(s) you wish to enable.
Kind Regards,
Michelle
There are something called "Capabilities", which lets you restrict functionality in some SAS clients based on user/group membership. Not sure if there is a capability for your specific requirement, but this i definitely your starting point.
Hi @Saud,
As @LinusH pointed out it is with Role-based capabilities to enable this. We have a step by step description with screen shots to describe how to enable Metacoda Plug-ins in SAS Management Console at http://platformadmin.com/blogs/paul/2012/02/metacoda-security-plug-ins-role-based-access/ You may find these visual instructions useful and in step 4 is the capability tab for the SMC plug-in(s) you wish to enable.
Kind Regards,
Michelle
The capabilties are for menu-tailoring in some programs like SMC. Your requiement however is looking to come by a requirement normally known as "segregation of duties"
The do not offer real security segration as that part is not menu tailoring but of autorisation on objects.
The user-management plugin as menu is no problem for normal users as they shoudl be able and maintain their own login settings. (authdomains).
There is another reason users could easily see other users in the metadata. There is an option of distribution output by registered mail-adresses in the SAS-metadata. Using that you must be able to read those
Something strange there, as user can add uncontrolled autdomains themself but not deleting them again. Seeing groups/logins can have the impact you can also change those. Change is wanted wiht logins not wiht the groupmembership the latter is effectively sayin granting yourself any righst as you like. Wiht 9.1.3 and using DI that granting of groups by users themself was not preventable.
The normal requiment would be an restricted (not the unrestricted) SAS adminsitrator is the only one responsible for user management (adding/deleting identities) and can be combined wiht granting/deleting group to users.
Jakarman Thanks a lot. I’ll discover suggested solution which's looks interesting
The SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment.
SAS technical trainer Erin Winters shows you how to explore assets, create new data discovery agents, schedule data discovery agents, and much more.
Find more tutorials on the SAS Users YouTube channel.