BookmarkSubscribeRSS Feed
Fluorite | Level 6

Hi all, 

I want to give permssions to a group for just one report. I would like to know the best way to do that. 

The point is that I created a new group for this, I gave permission to the reports folder and then I denied permission for all reports one by one except the report I have to give permissions. 

I don´t like this way because the report´s folder can change, users can make new reports and I will have to deny permssions manually and must check all the reports every days. 

The metadata structure we have looks like: 

          "Image Files"

          "Libraries and tables"


          "STP" (stored process)

I gave permissions to the department folder and denied to individual reports inside reports folder. 


If it was possible I would like to do the opposite way, All denied and just give permissions to the folder/reports I´m interesting. 

Thanks in advance. 


Diamond | Level 26 RW9
Diamond | Level 26

Is this Visual Analytics or which software package?

Fluorite | Level 6
Sorry, Visual Analytics 7.4
Rhodochrosite | Level 12


There is a problem with the process of denying and then granting permission and that's because deny is stronger than grant!

I donät think you can deny on a folder level and then grant on the underlying object due to this.


I like to use permissions on folders and have folders for specific areas, one for each.

On the folder level I deny sasusers r/rm and grant r/rm to the user group(s) that should have access.


When new reports are created the only important thing to remeber is to put them in the correct folder 🙂


If you must (!) set permission on each report, I would go for scripting the permission. You can for example use the data step metadata-funtions or XML to achieve this.




Fluorite | Level 6

Thanks FredrikE, I will have to do your suggestion. I already have folder for department but I will have to create more folder for this cases. (Same department different project) 

Calcite | Level 5

I would like to restrict permissions on a SAS Viya Visual Analytics report.  I do, as you suggested, have permissions on a folder, as well as on the CASLIB that holds the data supporting the report, but I am talking about the report itself.  The permissions on the folder are read Grant, and everything else none.  But the user can actually go in and edit the report, such as change a chart, or move it around, etc. Is there something else I need to do to lock that down so that they literally can only read it? meaning open the report, navigate around, use the filters and charts already provided, but they can't change the chart (from a pie to a bar as example) or delete the chart, etc.  Thanks!


You can prevent users from editing any report, but you cannot restrict them from editing a particular report if they are assigned the editing capability. You can prevent the from saving the edited report in the same folder as the original report by denying write permission to the folder. 


I can post a link to the documentation on controlling capabilities in Visual Analytics, but I'll need to know your version. 

SAS Employee


is also available documentation to set report control capabilities on Viya4?



Registration is open! SAS is returning to Vegas for an AI and analytics experience like no other! Whether you're an executive, manager, end user or SAS partner, SAS Innovate is designed for everyone on your team. Register for just $495 by 12/31/2023.

If you are interested in speaking, there is still time to submit a session idea. More details are posted on the website. 

Register now!

Tips for filtering data sources in SAS Visual Analytics

See how to use one filter for multiple data sources by mapping your data from SAS’ Alexandria McCall.

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 8 replies
  • 6 in conversation