BookmarkSubscribeRSS Feed
sas_9
Obsidian | Level 7


Hi all, i am sorry to post SAS MC inssue under EG but didn't find any individual pan for SAS MC.

I would really appreciate if someone can tell me what difference follwoing sings can make when you are giving permission to individual user or a group on AUTHORIZATION tab in SAS MC?

Thanks.

ColorTermSignificance

clear

ExplicitThe permission is set on the current item and individually assigned to the selected identity.

Green

ACTThe permission comes from an applied ACT whose pattern explicitly assigns the grant or denial to the selected identity.

Gray
IndirectThe permission comes from someone else (a group that has an explicit or ACT setting) or somewhere else (a parent item or the repository ACT).2
1 Explicit settings are usually white because the background color for the permissions list is usually white. 

2 For the WriteMemberMetadata permission, gray can indicate that the setting mirrors the WriteMetadata setting. For an unrestricted user, gray indicates a grant that can't be removed.

2 REPLIES 2
PaulHomes
Rhodochrosite | Level 12

Hi,

Explicit settings (also known as Access Control Entries or ACEs) are applied specifically to that object for that identity (user or group).  It is recommended that these be used sparingly at best (and some might say not at all).

Access Control Templates (ACTs) allow you to define commonly used patterns of permissions and identities as a bundle and apply them to one or more objects.  These have the benefit of defining the rules in one place so that when the rules change the ACT can be changed and the permissions it imparts automatically flow to those objects to which it was originally applied (and indirectly to child objects too).  ACTs are commonly applied to metadata folders to protect entire branches of sub folders and the objects they contain (indirectly).

Indirect permissions are the result of permissions applied elsewhere (either on the same object for another group in the users identity hierarchy, or from another parent object in the object's inheritance path).

For a much more thorough understanding I would recommend reading through the Authorization Model section in the SAS 9.3 Intelligence Platform: Security Administration Guide.

I'd also suggest attending the SAS Platform Administration: Fast Track course if you will be regularly managing the security for a SAS platform installation.  It has an entire chapter on authorization with lots of examples and exercises.

I would also suggest reading an excellent paper on best practices by Cecily Hoffritz & Johannes Jørgensen: SAS Global Forum 2011 Paper 376-2011 Best Practice Implementation of SAS® Metadata Security at Custo.... The paper presents a few golden rules which, when followed, make metadata security much easier and more manageable.  I also had an example of the type of thing that can go wrong when you deny permissions to identities other than the implicit groups (SASUSERS and PUBLIC) in a SAS Forum Australia & New Zealand 2010 presentation on Best Practices with SAS® 9 Metadata Security (specifically Slides 15 & 16: Wide Denials, Narrow Grants).

Hope this helps.

Cheers

Paul

sas_9
Obsidian | Level 7

Thanks for your reply Paul. There are lots of article out there regarding security and permission and al...but i am assuming best way to learn is from colleagues and comunity. I will also use some more reply on this.

Thanks.

sas-innovate-2024.png

Join us for SAS Innovate April 16-19 at the Aria in Las Vegas. Bring the team and save big with our group pricing for a limited time only.

Pre-conference courses and tutorials are filling up fast and are always a sellout. Register today to reserve your seat.

 

Register now!

SAS Enterprise Guide vs. SAS Studio

What’s the difference between SAS Enterprise Guide and SAS Studio? How are they similar? Just ask SAS’ Danny Modlin.

Find more tutorials on the SAS Users YouTube channel.

Click image to register for webinarClick image to register for webinar

Classroom Training Available!

Select SAS Training centers are offering in-person courses. View upcoming courses for:

View all other training opportunities.

Discussion stats
  • 2 replies
  • 2164 views
  • 1 like
  • 2 in conversation