Hi,
I have made some rules on Viya that allow members of a self-made User Admin group (UG_UserAdmin_<group1>) to manage another usergroup (UG_<group1>).
Object uri | Principal | Setting | Permissions | Description |
/identities/groups/UG_<group1>/userMembers/* | UG_UserAdmin_<group1> | Grant | Create, Update, Delete | UG_UserAdmin_<group1> can add or remove members of the UG_<group1> group |
/identities/groups/UG_<group1> | UG_UserAdmin_<group1> | Grant | Read | UG_UserAdmin_<group1> see the UG_<group1> group |
We have sets of rules like this for many different User Groups & corresponding User Admin Groups. This works like intended, but I would like to create a Global User Admin Group, that can administer all User groups. I know I can make this Global User Admin Group member of all individual User Admin Groups, but in some cases a User group does not have a User Administrator group, but I still want the Global User Admin Group to be able to administer this group. Allowing the Global User Admin Group to administer ALL groups would not be an option either, because the Global User Admin Group should only be allowed to administer a selection of the groups.
Is it possible to create a rule that is applied to Object Uri's following a certain naming convention. For example, I would like to apply a rule to every Object uri containing a certain substring ("/identities/groups/UG_" in this example)
Thanks for your reply! Your solution didn't quite work, but in the documentation about rule conditions here I found this table:
FunctionDescriptionType
contentType() | Content type of the target (for example, | String |
contentLength() | Length of the request. | long |
uri() | URI of the target. | String |
And it seems like I need to use uri() in my condition instead of requestUri(). I modified the rule to uri().contains('/identities/groups/UG_') and it works now.
Registration is open! SAS is returning to Vegas for an AI and analytics experience like no other! Whether you're an executive, manager, end user or SAS partner, SAS Innovate is designed for everyone on your team. Register for just $495 by 12/31/2023.
If you are interested in speaking, there is still time to submit a session idea. More details are posted on the website.