BookmarkSubscribeRSS Feed
Pyrite | Level 9

Hello all,


I have the following problem:

I've got 2 lasr Libraries LASR_A, LASR_B.


User Fred should be able to create only reports on data in LASR_A. Though, he can ONLY view the reports from user Sara on data coming from LASR_B. He should NOT be able to create reports on data coming from LASR_B.


How does my folder structur should look like? Which authorizations will i have to set? 

Is it even possible? I don't want user Fred to make reports on data which he does not know well enough.






Obsidian | Level 7

Security is a complex and big area, but the short answer is yes - you can achieve what you want. Best practice would be: put your user in different groups (based on what the groups should be able to do), create two different ACTs per groups (one ATC with read permissions r, rm, and one with write permissions w, wm). Create a folder structure that reflects the permission pattern you try to achieve, and add the ACT's to the folder structure (top level, object inheritance will take care of  metadata objects at a lower level, including your libraries). Not possible to give a detailed answer in a comment, so I recommend you to read up a bit - here are a couple of good links:


Design for Success: An Approach to Metadata Architecture for Distributed Visual Analytics


Security Scenario for SAS® Visual Analytics


Pyrite | Level 9
Thanks Erik, i will read through your documents.

In your example, Fred will still be able to create reports on the data (coming from LASR_B) he is only allowed to see. Though he will not be able to save this reports in the folder reports_B, but he can in the folder reports_A. Or am I missing something?
Obsidian | Level 7

Hi Filip, you are correct - with read access to a table you can create a report based on it, but you are not able to save the report unless you have write access to the folder you want to save it to. Unless the data are sensitive, I give all users read access - but create a separate folder for "official reports" that only data administrators have write access to. That way users can get to know the data, play around with it, but only save the results/reports to their own personal folder (or a shared folder for drafts). Re-reading your original question, I see I was to quick - to open a report (view), you also need read permission on the table. That implies you can create a report based on the table, you are only able to restrict where the report can be saved.



Time is running out to save with the early bird rate. Register by Friday, March 1 for just $695 - $100 off the standard rate.


Check out the agenda and get ready for a jam-packed event featuring workshops, super demos, breakout sessions, roundtables, inspiring keynotes and incredible networking events. 


Register now!

Tips for filtering data sources in SAS Visual Analytics

See how to use one filter for multiple data sources by mapping your data from SAS’ Alexandria McCall.

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 3 replies
  • 2 in conversation