Use and Enforcement of Each Permission
|
Permission (Abbreviation) |
Actions Affected and Limitations on Enforcement |
|
ReadMetadata (RM) |
View an item or navigate past a folder. For example, to see
an information map you need RM for that information map. To see or traverse
a folder you need RM for that folder. |
|
WriteMetadata (WM) |
Edit, delete, change permissions for, or rename an item. For
example, to edit a report you need WM for the report. To delete a report you
need WM for the report (and WMM for the report's parent folder). For containers
other than folders (such as repositories, libraries, and schemas), WM also
affects adding and deleting child items. For example, to add an item anywhere
in a repository you need WM at the repository level. For folders, adding and
deleting child items is controlled by WMM, not WM. |
|
WriteMemberMetadata (WMM) |
Add an item to a folder or delete an item from a folder. For
example, to save a report to a folder you need WMM for the folder. To remove
a report from a folder, you need WMM for the folder (and WM for the report).
To enable someone to interact with a folder's contents but with not the folder
itself, grant WMM and deny WM.1 |
|
CheckInMetadata (CM) |
Check in and check out items in a change-managed area. Applicable
only in an optional configuration for SAS Data Integration Studio.2 |
|
Administer (A) |
Monitor an OLAP server. Stop, pause, resume, refresh, or quiesce
a server or spawner. For the metadata server, the ability to perform these
tasks is managed by the Metadata Server: Operation role, not by the A permission. |
|
Read (R) |
Read data. For example, while you need RM for a cube in order
to see that cube, you need R for the cube in order to run a query against
it. Enforced for OLAP data, information maps, data that is accessed through
the metadata LIBNAME engine, and dashboard objects. |
|
Create (C) |
Add data. For example, on a table, C controls adding rows
to the table. Enforced for data that is accessed through the metadata LIBNAME
engine. |
|
Write (W) |
Update data. For example, on a table, W controls updating
the rows in the table. Enforced for data that is accessed through the metadata
LIBNAME engine, for publishing channels, and for dashboard objects. |
|
Delete (D) |
Delete data. For example, D on a library controls deletion
of tables from the library. Enforced for data that is accessed through the
metadata LIBNAME engine and for dashboard objects. |
1
A folder's WMM settings mirror its WM settings unless the
folder has explicit
![[white check box]](images/am-white.gif) or ACT
![[green check box]](images/am-green.gif) (green)
settings of WMM. A grant (or deny) of WMM on a folder becomes an inherited
grant (or deny) of WM on the items and subfolders in that folder. WMM is not
inherited from one folder to another.
2
In any change-managed areas of a foundation repository, change-managed
users should have CM (instead of WM and WMM). Change management is a SAS Data
Integration Studio feature. |
