BookmarkSubscribeRSS Feed
🔒 This topic is solved and locked. Need further help from the community? Please sign in and ask a new question.
pbad
Obsidian | Level 7

 

Dear team,

 

 I do not agree with the answer supplied for the follwoing question at http://support.sas.com/certify/samples.html.

 

Question 6

By default, which groups have WriteMetadata on the Foundation repository? A.PUBLIC
B.SASUSERS
C.ADMINISTRATORS ONLY
D.SAS SYSTEM SERVICES ONLY
correct_answer = "B"

 

As per my analysis the correct answer should be "C". My answer is supported with the attached screenshot. Kindly propose your views. Thanks, Pratik

 

 

1 ACCEPTED SOLUTION

Accepted Solutions
PaulHomes
Rhodochrosite | Level 12

To avoid further confusion, in my comment "I think the wording of the question could be improved for better clarity" I was talking about the certification sample question and not your SAS Communities question. I could do with writing with more clarity myself 😉

View solution in original post

3 REPLIES 3
PaulHomes
Rhodochrosite | Level 12

From your screenshot it looks like you are looking at the Authorization tab for the Foundation repository in the SAS Management Console Metadata Manager plug-in. That does show +WM only for the "SAS Administrators" group (and there are of course the implied unrestricted users).

 

I assume that question is posing the more useful question about what are default permissions, in the abscence of any other access controls, with respect to WriteMetadata on objects within the Foundation repository, as determined by the repository ACT for the Foundation repository, which is usually named Default ACT (by default). In which case it is (B) SASUSERS. The "SAS Administrators" and "SAS System Services" groups also get +WM in Default ACT but anyone who is a member of those groups must also be an implicit member of SASUSERS too. By elimination it is also none of A, C, or D (by default).

 

For more info on the (default) Default ACT see Permission Patterns in Predefined ACTs in the SAS 9.4 Intelligence Platform: Security Administration Guide.

 

To be pedantic, option (c) is somewhat ambigious too as there are various types of administrators. There are unrestricted administrators (members of the "Metadata Server: Unrestricted" role and those whose userids appear with an asterisk prefix in adminUsers.txt) who would always implicitly have +WM. Then there are restricted administrators: user administrators (members of the "Metadata Server: User Administration" role) and server administrator (members of the "Metadata Server: Operation" role) of which both roles have the "SAS Administrators" group as a member by default.  Then of course if you have other products like VA etc there are various other "administrators" groups and roles.

 

I understand the confusion. I think the wording of the question could be improved for better clarity.

pbad
Obsidian | Level 7

Dear Paul,

 

 Thank you for your answer. I agree with your explanation. I will also explore the details in the attached link and get back to you in case of any confusion. Your assumption is right. I am looking at the Authorization tab for the Foundation repository in the SAS Management Console Metadata Manager plug-in. In addition I will explain my question in detail next time.

 

 

PaulHomes
Rhodochrosite | Level 12

To avoid further confusion, in my comment "I think the wording of the question could be improved for better clarity" I was talking about the certification sample question and not your SAS Communities question. I could do with writing with more clarity myself 😉

suga badge.PNGThe SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment. 

Join SUGA 

CLI in SAS Viya

Learn how to install the SAS Viya CLI and a few commands you may find useful in this video by SAS’ Darrell Barton.

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 3 replies
  • 1781 views
  • 7 likes
  • 2 in conversation