BookmarkSubscribeRSS Feed
MG18
Lapis Lazuli | Level 10

Hi all, 

 

Recently I have created the new custom Role with new capabilities and assigned it to user and roles.

  1. But out of 10 only 6 capabilities are reflecting in the dashboard from System Administrator Screen and other 1(manage list ) is not reflecting in the System Administrator Screen.  
    1. Manage Lists> we did it but it does not reflect.
  2. I am not able to find the below mentioned capabilities in SAS management console .

    View Risk Assessment> we could not find it on the system.

    Regulatory Reports – Edit> we could not find it on the system.

    Regulatory Reports – View> we could not find it on the system.

     

  3. I came to below screenshot for one capability and not able to understand meaning of it. why this capability has the dot befor eits name.
  4. query.JPG

I am using the SAS9.3 , if any one has faced this kind of issue ,Please help me in this.

Many thanks in advance. 

 

6 REPLIES 6
JuanS_OCS
Amethyst | Level 16

Hello @MG18,

 

here is what I would do/try:

 

- check if your maintenance level is SAS 9.3 TS2M3, or not. If it is not the last maintenance, chances are high that several questions would be solved by patching SAS.

- check for the avialable hotfixes, and when you get the list, check if any of them addresses any of your questions.

- check if a migration to 9.4 is an option.

- check with SAS Technical Support, it seems as an appropiate question for them.

 

Kind regards,

Juan

PaulHomes
Rhodochrosite | Level 12

Those AML applications (and capabilities) shown in the SAS Management Console User Manager role Capabilities tab look possibly site-specific, given the suffixes (BU_JO, BU_PSE etc). I don't have AML so cannot investigate this myself. Does AML create those for you or have you created them for yourself (using ApplicationMetadataUtility)?

 

The capability that has a grey dot in front of its name, and has a grey background to the checkbox, indicates a capability that has been granted through a contributing role. If you look at the Contributing Roles tab, one of the roles in that tab will have had that capability ticked/granted in its own Capabilities tab. Contributed capability grants cannot be un-granted in a role where they have been contributed - they can either be explicitly re-granted in the role where they have been contributed (to always be granted regardless of what happens in the contributing role), or be un-granted in the source contributing role itself. For more info on roles and capabilities I would recommend reading Kathy Wisniewski's SAS Global Forum 2010 Paper (324-2010) Be All That You Can Be: Best Practices in Using Roles to Control Functionality in SAS® 9.2 It's several years/versions old now but most of it still applies today and is a quick and easy read. Also tracing capability access can be tricky and time consuming so if you are interested in a commercial tool that can help with that, there's a Capability Reviewer in Metacoda Security Plug-ins that can show who has a capability and how they get it (included which contributing roles provide might be providing it). I wrote a blog post about it a few years ago that has some examples.

MG18
Lapis Lazuli | Level 10

Hi All, 

 

Those changes has been  activated  after that  i have  run the sync users script aml_omr_sync_users.sas  and changes are reflecting in the AML screen also But still i am not able to find the below capabilities in SAS management console  and same are available in SAS AML System Administrator Screen URL.

  • View Risk Assessment.
  • Regulatory Reports – Edit.
  • Regulatory Reports – View.

 if any one has faced this issue please let me know the solution for the same.

 

PaulHomes
Rhodochrosite | Level 12

Do you know if the program aml_omr_sync_users.sas is custom written for your organisation or part of the SAS AML Solution? The name of the program suggests AML Open Metadata Repository sync users - i.e. sync users (from AD?) into metadata for AML. Perhaps it manipulates role (IdentityGroup) and capability (ApplicationAction) metadata too but without seeing the code itself it is impossible to tell.

 

I think you may get the best response by following this up with SAS AML specialists in SAS Technical Support, or whoever installed and configured the SAS AML Solution for you - perhaps SAS Professional Services or a SAS Partner?

MG18
Lapis Lazuli | Level 10

Hi Paul,

 

I got the response from the SAS technical team also and This is script come the part of the SAS AML solution .

Basically I have one question about the capabilities  as  i am not able to find the below capabilities in SAS management console  and same are available in SAS AML System Administrator Screen URL.

  • View Risk Assessment.
  • Regulatory Reports – Edit.
  • Regulatory Reports – View.

Many Thanks for your valuable help.

PaulHomes
Rhodochrosite | Level 12

If that script is part of the SAS AML solution then it is probably best for you to work with SAS Tech Support to resolve this. I don't have access to that software to investigate any further myself. If I did I would probably search for the ApplicationAction objects in metadata to see if they have been able to be associated with the AML applications to show up in SAS MC. Also review the script and its logs to see where and how it might go wrong.

 

Unless other community members have experience with this aspect of SAS AML then SAS tech support will be your best option (as always).

 

If you do get a resolution please report back on this thread so it might be useful to others in future.

 

Cheers
Paul

suga badge.PNGThe SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment. 

Join SUGA 

Get Started with SAS Information Catalog in SAS Viya

SAS technical trainer Erin Winters shows you how to explore assets, create new data discovery agents, schedule data discovery agents, and much more.

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 6 replies
  • 2336 views
  • 4 likes
  • 3 in conversation