Hello @MG18,

here is what I would do/try:

- check if your maintenance level is SAS 9.3 TS2M3, or not. If it is not the last maintenance, chances are high that several questions would be solved by patching SAS.

- check for the avialable hotfixes, and when you get the list, check if any of them addresses any of your questions.

- check if a migration to 9.4 is an option.

- check with SAS Technical Support, it seems as an appropiate question for them.

Kind regards,

Juan

Those AML applications (and capabilities) shown in the SAS Management Console User Manager role Capabilities tab look possibly site-specific, given the suffixes (BU_JO, BU_PSE etc). I don't have AML so cannot investigate this myself. Does AML create those for you or have you created them for yourself (using ApplicationMetadataUtility)?

The capability that has a grey dot in front of its name, and has a grey background to the checkbox, indicates a capability that has been granted through a contributing role. If you look at the Contributing Roles tab, one of the roles in that tab will have had that capability ticked/granted in its own Capabilities tab. Contributed capability grants cannot be un-granted in a role where they have been contributed - they can either be explicitly re-granted in the role where they have been contributed (to always be granted regardless of what happens in the contributing role), or be un-granted in the source contributing role itself. For more info on roles and capabilities I would recommend reading Kathy Wisniewski's SAS Global Forum 2010 Paper (324-2010) Be All That You Can Be: Best Practices in Using Roles to Control Functionality in SAS® 9.2 It's several years/versions old now but most of it still applies today and is a quick and easy read. Also tracing capability access can be tricky and time consuming so if you are interested in a commercial tool that can help with that, there's a Capability Reviewer in Metacoda Security Plug-ins that can show who has a capability and how they get it (included which contributing roles provide might be providing it). I wrote a blog post about it a few years ago that has some examples.

Hi All, 

Those changes has been  activated  after that  i have  run the sync users script aml_omr_sync_users.sas  and changes are reflecting in the AML screen also But still i am not able to find the below capabilities in SAS management console  and same are available in SAS AML System Administrator Screen URL.

• View Risk Assessment.
• Regulatory Reports – Edit.
• Regulatory Reports – View.

 if any one has faced this issue please let me know the solution for the same.

Do you know if the program aml_omr_sync_users.sas is custom written for your organisation or part of the SAS AML Solution? The name of the program suggests AML Open Metadata Repository sync users - i.e. sync users (from AD?) into metadata for AML. Perhaps it manipulates role (IdentityGroup) and capability (ApplicationAction) metadata too but without seeing the code itself it is impossible to tell.

I think you may get the best response by following this up with SAS AML specialists in SAS Technical Support, or whoever installed and configured the SAS AML Solution for you - perhaps SAS Professional Services or a SAS Partner?

Hi Paul,

I got the response from the SAS technical team also and This is script come the part of the SAS AML solution .

Basically I have one question about the capabilities  as  i am not able to find the below capabilities in SAS management console  and same are available in SAS AML System Administrator Screen URL.

• View Risk Assessment.
• Regulatory Reports – Edit.
• Regulatory Reports – View.

Many Thanks for your valuable help.

If that script is part of the SAS AML solution then it is probably best for you to work with SAS Tech Support to resolve this. I don't have access to that software to investigate any further myself. If I did I would probably search for the ApplicationAction objects in metadata to see if they have been able to be associated with the AML applications to show up in SAS MC. Also review the script and its logs to see where and how it might go wrong.

Unless other community members have experience with this aspect of SAS AML then SAS tech support will be your best option (as always).

If you do get a resolution please report back on this thread so it might be useful to others in future.

Cheers
Paul