 |
|
| Getting Started With Permissions |
ACT Settings
Instead of setting every permission explicitly, use access control templates (ACTs). Each ACT consists of a pattern of grants and denials that are assigned to different users and groups. When you apply an ACT to an item, the ACT settings are added to the item's protections. When you want to assign the same settings to several disparate resources, using an ACT is beneficial for these reasons:
-
It is easier to apply a pattern than it is to set each permission individually on each resource for which the pattern is appropriate.
-
If you need to change access to the items to which a pattern is applied, you can simply update the permission pattern, rather than revisiting each resource and individually modifying the settings.
To learn more, complete this exercise in SAS Management Console:
-
Log on as someone who has a well-formed user definition.
-
On the Folders tab, right-click your My Folder
![[my folder icon]](images/myfolder.gif)
and select New Folder. Create a new folder named
test2. -
Right-click the test2 folder and select Properties. On the folder's Authorization tab, briefly examine the settings for each identity in the Users and Groups list box. Notice that all of the settings are indirect
![[grey check box]](images/am-grey.gif)
. -
To apply an ACT to the test2 folder:
-
Click Access Control Templates. In the Add and Remove Access Control Templates dialog box, expand the Foundation node
![[icon]](images/small-repository.gif)
in the
Available list box and select Private User Folder ACT
![[icon]](images/small-act.gif)
. -
Before you apply this ACT to the test2 folder, click Properties to verify the settings that this ACT provides. On the Permission Pattern tab, notice that this ACT provides denials of ReadMetadata, WriteMetadata, and CheckInMetadata permissions for the PUBLIC group, grants of these permissions for the SAS Administrators group, and a grant of ReadMetadata permission for the SAS System Services group.
Note: Each ACT's pattern consists of only the explicit
Click Cancel to return to the list of ACTs that are applied to the test2 folder.![[white check box]](images/am-white.gif)
settings on that ACT's Permission
Pattern tab. Settings that are unspecified (blank) on an ACT's
pattern have no effect when that ACT is applied to an item. ![[cautionend]](../../../../common/63294/HTML/default/images/cautend.gif)
-
In the Add and Remove Access Control Templates dialog box, move Private User Folder ACT
to the Currently Using list box. This adds that
ACT's settings to the access controls for the test2
folder. Any future changes to this ACT's permission pattern will affect access
to this folder.Note: The Currently Using list box includes only applied ACTs; so this list typically does not include the repository ACT (default ACT).
-
Click OK to return to the Authorization tab. Notice that the PUBLIC denials of ReadMetadata, WriteMetadata, and CheckInMetadata permissions now come from an ACT (those denials are now green
![[green check box]](images/am-green.gif)
). Select SAS Administrators and notice the green grants
of the same permissions. These
ACT settings override and hide the underlying indirect settings. -
Click OK to close the Properties dialog box for the test2 folder.
Note: If you are restricted, an error message indicates that you can't save the settings. Click OK to dismiss the message. On the Authorization tab, select yourself and add explicit
grants of ReadMetadata and WriteMetadata permissions. Click
OK.
-
-
To clean up, right-click the test2 folder and select Delete.
Several predefined ACTs are provided on the Plug-ins
tab under Authorization Manager ![[arrow]](../../../../common/63294/HTML/default/images/arrow.gif){kind=icon}
Access
Control Templates. You can create additional ACTs
in this location.
See Also
|
|
Copyright © 2011 by SAS Institute Inc., Cary, NC, USA. All rights reserved.