SAS(R) 9.2 Intelligence Platform: Security Administration Guide
 |
|
| Users, Groups, and Roles |
Who Can Manage Users, Groups, and Roles?
Your roles and permissions determine which user management tasks you can perform. In a standard configuration, any member of the SAS Administrators group has the capabilities and permissions to perform almost all user management tasks.
The following table provides basic information:
| Metadata Server Role | Actions Supported |
|---|---|
| Unrestricted | Perform all identity management tasks. |
| User administration | Add, modify, and delete most identities.1 |
| None | Update your personal logins in SAS Personal Login Manager.2 |
| 1
Permission
requirements apply. The User Manager capability (which enables
you to see the User Manager plug-in in SAS Management
Console) is also required.
2 If you have the User Manager capability, you can perform this task in SAS Management Console. |
|
Here are some additional details:
-
A special rule prevents restricted user administrators from updating the unrestricted role.
-
In order to change a role's capabilities, restricted user administrators must also have the WriteMetadata permission on the associated software component. In the standard configuration, the SAS Administrators group has this grant.
-
To prevent a restricted user administrator from updating a particular identity, deny that user administrator the WriteMetadata permission on that identity's Authorization tab.
-
To delegate management of an existing identity to someone who isn't a user administrator, grant the WriteMetadata permission to the delegated administrator on the target identity's Authorization tab.
-
In the initial configuration in a new deployment, all registered users have the User Manager capability through SASUSERS membership in the Management Console: Content Management role.
See Also
|
|
Copyright © 2009 by SAS Institute Inc., Cary, NC, USA. All rights reserved.
