Architecting, installing and maintaining your SAS environment

Question about SAS Roles

Accepted Solution Solved
Reply
Contributor
Posts: 45
Accepted Solution

Question about SAS Roles

can someone explain to me what exactly is SAS roles?  in the management consolde, you can select users or groups to be members of a role.  then what does that do?

you set the authorization only to users and groups, not roles.  so not exactly clear what roles are for.


Accepted Solutions
Solution
‎06-15-2015 02:42 AM
Moderator
Posts: 238

Re: Question about SAS Roles

Hi Grumbler,

A role is collection of capabilities - the easiest way to envisage roles is to control menu options in the various role-enabled SAS applications.


For example:

  • you may want the Reporting user group to have access to the reporting features of Enterprise Guide, but not the Analytics (and vice-versa)
  • for security reasons, you may want to restrict upload/download of local data - again an EG menu option controllable through SAS roles.


So:

  • Think of security as what you can access
  • Think of Roles as what you are allowed to do with what you access.


I hope that helps.


Regards,

Andrew.

View solution in original post


All Replies
Trusted Advisor
Posts: 1,247

Re: Question about SAS Roles

Hi,

"Roles control the availability of application features such as certain menu items, plug-ins, and buttons. In the initial configuration, registered users have almost all non-administrative capabilities. In many cases, this is appropriate and sufficient." Roles and Capabilities were introduced in SAS 9.2 and this paper gives a nice summary overview of what SAS Roles are, how they relate to capabilities and the effect they have on some of the SAS clients. http://support.sas.com/resources/papers/proceedings10/324-2010.pdf

At the end of the paper are further resources for details. If you are after specific information on the roles, I'd suggest looking at the associated documentation in the SAS(R) 9.4 Intelligence Platform: Security Administration Guide, Second Edition or in the Security Admin Guide for the SAS version you are using.

Kind Regards,

Michelle

Solution
‎06-15-2015 02:42 AM
Moderator
Posts: 238

Re: Question about SAS Roles

Hi Grumbler,

A role is collection of capabilities - the easiest way to envisage roles is to control menu options in the various role-enabled SAS applications.


For example:

  • you may want the Reporting user group to have access to the reporting features of Enterprise Guide, but not the Analytics (and vice-versa)
  • for security reasons, you may want to restrict upload/download of local data - again an EG menu option controllable through SAS roles.


So:

  • Think of security as what you can access
  • Think of Roles as what you are allowed to do with what you access.


I hope that helps.


Regards,

Andrew.

Valued Guide
Posts: 3,208

Re: Question about SAS Roles

Sorry Andrew,  I disagree.  At first SAS used the word roles for menu tailoring.  Rbac role based accès control is a security principle but menu tailoring is not. The new word capabilities is better for menu tailoring. You cannot implement security by menu tailoring it is just helping not experienced users to see an overweight number of menu choices.

http://support.sas.com/documentation/cdl/en/bisecag/67045/HTML/default/viewer.htm#n0ebv8vttay59vn11b...

---->-- ja karman --<-----
☑ This topic is SOLVED.

Need further help from the community? Please ask a new question.

Discussion stats
  • 3 replies
  • 460 views
  • 8 likes
  • 4 in conversation