Architecting, installing and maintaining your SAS environment

WriteMetadata access on the Foundation repository

Accepted Solution Solved
Reply
Occasional Contributor
Posts: 9
Accepted Solution

WriteMetadata access on the Foundation repository

 

Dear team,

 

 I do not agree with the answer supplied for the follwoing question at http://support.sas.com/certify/samples.html.

 

Question 6

By default, which groups have WriteMetadata on the Foundation repository? A.PUBLIC
B.SASUSERS
C.ADMINISTRATORS ONLY
D.SAS SYSTEM SERVICES ONLY
correct_answer = "B"

 

As per my analysis the correct answer should be "C". My answer is supported with the attached screenshot. Kindly propose your views. Thanks, Pratik

 

 


Accepted Solutions
Solution
‎05-25-2017 01:52 AM
PROC Star
Posts: 392

Re: WriteMetadata access on the Foundation repository

To avoid further confusion, in my comment "I think the wording of the question could be improved for better clarity" I was talking about the certification sample question and not your SAS Communities question. I could do with writing with more clarity myself Smiley Wink

View solution in original post


All Replies
PROC Star
Posts: 392

Re: WriteMetadata access on the Foundation repository

From your screenshot it looks like you are looking at the Authorization tab for the Foundation repository in the SAS Management Console Metadata Manager plug-in. That does show +WM only for the "SAS Administrators" group (and there are of course the implied unrestricted users).

 

I assume that question is posing the more useful question about what are default permissions, in the abscence of any other access controls, with respect to WriteMetadata on objects within the Foundation repository, as determined by the repository ACT for the Foundation repository, which is usually named Default ACT (by default). In which case it is (B) SASUSERS. The "SAS Administrators" and "SAS System Services" groups also get +WM in Default ACT but anyone who is a member of those groups must also be an implicit member of SASUSERS too. By elimination it is also none of A, C, or D (by default).

 

For more info on the (default) Default ACT see Permission Patterns in Predefined ACTs in the SAS 9.4 Intelligence Platform: Security Administration Guide.

 

To be pedantic, option (c) is somewhat ambigious too as there are various types of administrators. There are unrestricted administrators (members of the "Metadata Server: Unrestricted" role and those whose userids appear with an asterisk prefix in adminUsers.txt) who would always implicitly have +WM. Then there are restricted administrators: user administrators (members of the "Metadata Server: User Administration" role) and server administrator (members of the "Metadata Server: Operation" role) of which both roles have the "SAS Administrators" group as a member by default.  Then of course if you have other products like VA etc there are various other "administrators" groups and roles.

 

I understand the confusion. I think the wording of the question could be improved for better clarity.

Occasional Contributor
Posts: 9

Re: WriteMetadata access on the Foundation repository

Dear Paul,

 

 Thank you for your answer. I agree with your explanation. I will also explore the details in the attached link and get back to you in case of any confusion. Your assumption is right. I am looking at the Authorization tab for the Foundation repository in the SAS Management Console Metadata Manager plug-in. In addition I will explain my question in detail next time.

 

 

Solution
‎05-25-2017 01:52 AM
PROC Star
Posts: 392

Re: WriteMetadata access on the Foundation repository

To avoid further confusion, in my comment "I think the wording of the question could be improved for better clarity" I was talking about the certification sample question and not your SAS Communities question. I could do with writing with more clarity myself Smiley Wink

☑ This topic is SOLVED.

Need further help from the community? Please ask a new question.

Discussion stats
  • 3 replies
  • 275 views
  • 7 likes
  • 2 in conversation