Hi all,
To set up a Change Managed folder in SAS DI is quite easy!:
Create a Change-Managed Folder in the Folders Tree - http://support.sas.com/documentation/cdl/en/bidaag/69032/HTML/default/viewer.htm#p0jwlqhvab11lrn130h...
Therefore, it should only require, on each managed folder (and only on them):
- Users with Project repositories: RM, and Check for the metadata. Optionally: R,W, and other full permissions for the data, except administer.
- Job deployers: RM and WM (+Scheduling role) should be enough.
But apparently it is not enough in my case for one specific project. There seem to be external components (not even in SAS Folders, but in the metadata) to administer permissions.
An example of an error during a check out:
MyUser@DOMAIN - User is not authorized to Checkout object QueryTable : 'Subquery_Results_46603 (sq)' (Id="A5VCWKRJ.CQ0000F3").
If I search by the Id or Subquery_Results, SMC cannot find the object.
A - Of course a SAS Foundation metabrowse can find the object in the metadata.
B - I can also find the object within SMC in Resource Management- By Type - and then Query Table or Prototype (for Prototype objects), etc.
On those metadata itemes I simply cannot provide permissions because there is no SAS Fflder. I can only provide permissions, individually, object by object (whithin option B), but there are hundreds of them. Not an option.
Therefore:
- correct permissions on those folders (as following SAS best practices) are not enough.
- Only if I apply permissions in ALL the metadata, through the Default ACT which is quite unsecure and unclear, then I can apply the permission on the object.
Hopefully you know more than I do, and one of you can help here: how can I apply, securely and manageable, permissions in the other metadata objects that are not under the Change Managed folders?
Thank you in advance,
Best regards,
Juan