cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
BookmarkSubscribeRSS Feed
Key123
Fluorite | Level 6 Key123
Fluorite | Level 6

Metadata Migration Preserve Permissiosn

Posted 01-17-2025 10:50 AM (1293 views)

I am performing a manual metadata migration from M6 to M8. In the old environment users created metadata objects on own metadata user folders with their own user id , no folder structure followed on BU/ORG level and no ACT's applied. 

 

I am performing migration with the account "sasadm@saspw" and would like to ensure users will not have permission issues on their folder/objects after moving to the new environment(sasadm vs Individual user-id). 

 

Reply
2 REPLIES 2
Nigel_Pain
Barite | Level 11 Nigel_Pain
Barite | Level 11

Re: Metadata Migration Preserve Permissiosn

Posted 01-17-2025 11:17 AM (1279 views)  |   In reply to Key123

If you're doing a full migration my guess is that the permissions would be retained. You may not have applied ACTs but there will be ACEs, either explicit or inherited. If you want to confirm this, examine the permissions on some of them. Here's an example of my own:

Nigel_Pain_0-1737129773898.png

You'll see all permissions are granted except WM, but including WMM. As I say, a full metadata migration will include everything (by definition), including all the access controls that are defined.

If you want to dig into it further, the base SAS front-end has a very useful metadata browser in Tools, Accessories, or I believe Metacoda have a useful plugin to SASMC @MichelleHomes ?

Reply
PaulHomes
Rhodochrosite | Level 12 PaulHomes
Rhodochrosite | Level 12

Re: Metadata Migration Preserve Permissiosn

Posted 01-17-2025 09:04 PM (1243 views)  |   In reply to Key123

In a manual migration, when you import the metadata package (.spk file), you get a choice as to whether you want to include/import access controls or not. The access controls are always exported in the spk file but you get to choose whether you want to import them or not.

 

Although there may not be any manually added access controls on the content in your user folders there will be some access controls added automatically by SAS when the user folder was created. You will see an ACT (Private User Folder ACT) and a set of explicit permissions on each users "My Folder" and "Application Data" folders.  This sample screenshot of the Metacoda Permissions Tracer shows them and their impact on a users My Folder:

 

2025-01-18-sas-user-folder-permissions.png

 

It is these automatically added access controls which prevent users from seeing inside each others user folders but allows them to add content to their own. You will most likely want to retain that setup in the new environment by importing the access controls. Alternatively if you get each user to login into the new environment so that SAS automatically creates and secures the user folders then you can import the user folder contents later without access controls and let permission inheritance do its work.

 

Thanks @Nigel_Pain for mentioning our plug-ins. As mentioned, you might find these useful to review and/or test the metadata security implementation in your old and new environments. If you want to try them out you can register to get a free 30 day evaluation license at https://www.metacoda.com/en/evaluation/

Reply

suga badge.PNGThe SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment. 

Join SUGA 

Upcoming Events
View All
Get Started with SAS Information Catalog in SAS Viya

Learn how to explore data assets, create new data discovery agents, schedule data discovery agents, and much more.

Watch Get Started with SAS Information Catalog in SAS Viya on YouTube

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 2 replies
  • ‎01-17-2025 10:50 AM
  • 1294 views
  • 5 likes
  • 3 in conversation