![]() |
![]() |
Getting Started With Permissions |
Instead of setting every permission explicitly, use access control templates (ACTs). Each ACT consists of a pattern of grants and denials that are assigned to different users and groups. When you apply an ACT to an item, the ACT settings are added to the item's protections. When you want to assign the same settings to several disparate resources, using an ACT is beneficial for these reasons:
It is easier to apply a pattern than it is to set each permission individually on each resource for which the pattern is appropriate.
If you need to change access to the items to which a pattern is applied, you can simply update the permission pattern, rather than revisiting each resource and individually modifying the settings.
To learn more, complete this exercise in SAS Management Console:
Log on as someone who has a well-formed user definition.
On the Folders tab, right-click your My Folder
and select New Folder. Create a new folder named
test2.
Right-click the test2 folder and
select Properties. On the folder's Authorization tab, briefly examine the settings for each identity
in the Users and Groups list box. Notice that all
of the settings are indirect
.
To apply an ACT to the test2 folder:
Click Access Control Templates. In
the Add and Remove Access Control Templates dialog
box, expand the Foundation node
in the
Available list box and select Private User Folder ACT
.
Before you apply this ACT to the test2 folder, click Properties to verify the settings that this ACT provides. On the Permission Pattern tab, notice that this ACT provides denials of ReadMetadata, WriteMetadata, and CheckInMetadata permissions for the PUBLIC group, grants of these permissions for the SAS Administrators group, and a grant of ReadMetadata permission for the SAS System Services group.
Note: Each ACT's pattern
consists of only the explicit
settings on that ACT's Permission
Pattern tab. Settings that are unspecified (blank) on an ACT's
pattern have no effect when that ACT is applied to an item.
In the Add and Remove Access Control Templates
dialog box, move Private User Folder ACT
to the Currently Using list box. This adds that
ACT's settings to the access controls for the test2
folder. Any future changes to this ACT's permission pattern will affect access
to this folder.
Note: The Currently Using list box includes
only applied ACTs; so this list typically does not include the repository
ACT (default ACT).
Click OK to return to the Authorization tab. Notice that the PUBLIC denials of ReadMetadata,
WriteMetadata, and CheckInMetadata permissions now come from an ACT (those
denials are now green
). Select SAS Administrators and notice the green grants
of the same permissions. These
ACT settings override and hide the underlying indirect settings.
Click OK to close the Properties dialog box for the test2 folder.
Note: If you are restricted, an error message indicates that you can't
save the settings. Click OK to dismiss the message.
On the Authorization tab, select yourself and add
explicit
grants of ReadMetadata and WriteMetadata permissions. Click
OK.
To clean up, right-click the test2 folder and select Delete.
Several predefined ACTs are provided on the Plug-ins
tab under Authorization Manager Access
Control Templates. You can create additional ACTs
in this location.
See Also
![]() |
![]() |
Copyright © 2011 by SAS Institute Inc., Cary, NC, USA. All rights reserved.