RogerHed
Obsidian | Level 7

Using AMO 7.15 and SAS 9.4M5.

 

The requirements

1) To prevent non-approved users from using AMO, even if installed.

2) To prevent non-approved users from accessing data using AMO, even if installed.

 

We want to use Active Directory (AD) to set the users that can use AMO. So we created a group for that and let it synchronize with a Metadata group. The Metadata group was included in the Role "Add-In for Microsoft Office: Advanced" and all other memberships were removed from all AMO Roles.

When testing, we realized this didn't work at all. All users that have AMO installed can do everything that the AMO Advanced Role specifies, even if they are not included in any AMO Role (like copy, print and save content).

 

How do we do this according to best practice?

3 REPLIES
RogerHed
Obsidian | Level 7
We don't have SASUSER in any Group or Role connected to any AMO roles.
CaseySmith
SAS Employee

Add the PUBLIC and/or SASUSERS groups to a new or existing AMO role that you want to restrict, and then set the AMO capabilities how you want them restricted.  In this way, you'll have one group of users in the AMO:Advanced role, who are allowed to use AMO, and then all the other users (PUBLIC and SASUSERS) in the restricted role.

 

It is also important to note that the role metadata capabilities are version specific.  In other words, you have to make sure that one of the versions of the AMO role metadata capabilities in metadata matches the version of AMO your end users are using.  For example, if they are using AMO 7.1x, then you should have the AMO 7.1 role capabilities in metadata.

 

Casey

