|Users, Groups, and Roles|
Each SAS user has identity information in two distinct realms:
In an authentication provider, the user has an account that can access the metadata server. See Identify or Create User Accounts.
In the SAS environment, the user has a definition that includes a copy of the account ID with which the user accesses the metadata server.
Coordination between the two realms establishes SAS users. Every SAS user is based on a match between these values:
the account ID with which a user authenticates
an account ID that is listed on that user's Accounts tab
The following figure depicts some examples:
Examples: User Accounts and User Definitions
Note: In the preceding figure, the term "user account" refers to an account in an authentication provider. The term "user definition" refers to a metadata object that represents the user. Someone who doesn't have an account that provides access to the metadata server can't connect to the server at all.
The following list and display provide details about user definitions:
On the Accounts tab, any Windows user ID must be fully qualified (for example, WindowsDomain\user-ID, MachineName\user-ID, or user-ID@company.com).
If you find that a user has only the PUBLIC identity even though the user has a user definition, examine the user's Accounts tab. The account ID might be missing, not accurately entered, or not properly qualified. Passwords and authentication domain assignments are never the cause of this problem. The match is based only on the account ID.
Users can maintain their own logins (with SAS Personal Login Manager or SAS Management Console) but can't make other changes to their definitions.
A user's Authorization tab does not determine what that user can do. This tab can affect the ability of other users to modify or delete this user.
For instructions for adding users, see Security Tasks.
A User Definition