
Permissions on Folders

Variation 2: Add Functional Separation

This example includes three custom groups that represent users who have specific job responsibilities (Data Admins, Map Creators, and Report Creators). Each division folder has separate subfolders for different types of content (data definitions, information maps, report definitions, and stored processes). Supplemental write access in each folder is limited to members of the appropriate functional groups as follows:

Note: Access for these functional groups is also limited by departmental separations. For example, only DivisionA's report creators (and SAS Administrators) can add, update, and delete items in DivisionA's reports folder.

The following figure depicts goals and group structure.

Variation 2: Folder and Group Structure


The following table lists the protections for the first six folders:

Variation 2a: Permission Settings (functional separation)

| Folder | Protections: Baseline ACTs | Protections: Supplemental Grants |
|---|---|---|
| DemoBranch | Protect; LimitData | |
| DivisionA | Hide | Managers: +RM, +R; GroupA: +RM, +R |
| data definitions | Protect* | Data Admins: +WMM |
| information maps | Protect* | Map Creators: +WMM |
| reports | Protect* | Report Creators: +WMM |
| stored processes | Protect* | Map Creators: +WMM; Report Creators: +WMM |

* You don't strictly need the Protect ACT here, because protections flow through from the DemoBranch folder (and aren't interrupted by any supplemental grants of WM or WMM on higher level folders). However, you do need the supplemental grants of WMM on these folders, so you might choose to also apply the Protect ACT here for clarity.

Here are some details about this example:

See Also

Use and Enforcement of Each Permission
