Rule to restrict reports edit for custom user group

smm662002

Hello,

SAS VIYA Version LTS 2023.03

I am trying to restrict the SAS Visual Analytics reports edit for a user group and I have created the rule bellow:

Object_URI	Principal	Setting	Permissions
/SASVisualAnalytics_capabilities/edit	"My_custom_group_name"	Prohibit	Read

I have also kept the original rule:

Object_URI	Principal	Setting	Permissions
/SASVisualAnalytics_capabilities/edit	Authenticated Users	Grant	Read

When I tested the rule with the support of a colleagues from "My_custom_group_name" he was still able to enter the edit mode of the report.

Can you please advise what other rules I need to add so that users cannot edit reports.

Thank you,

smm662002

lapent

Good day,

Using explicit denials can make your security model more complex and harder to manage.

Instead, we generally recommend avoiding Prohibit rules and using selective grants to control access more effectively.

Rather than denying access to a group, it's better to grant access only to the group that should be allowed to edit reports.

In SAS Viya, users have no permissions by default—they must be explicitly granted access.

This documentation outlines the key concepts and includes a helpful example under the 'Example Instructions' section.

Thanks

Re: Rule to restrict reports edit for custom user group