|Users, Groups, and Roles|
Your roles and permissions determine which user management tasks you can perform. In a standard configuration, any member of the SAS Administrators group has the capabilities and permissions to perform almost all user management tasks.
The following table provides basic information:
|Metadata Server Role||Actions Supported|
|Unrestricted||Perform all identity management tasks.|
|User administration||Add, modify, and delete most identities.1|
|None||Update your personal logins in SAS Personal Login Manager.2|
Permission requirements apply. The User Manager capability
(which enables you to see the User Manager
plug-in in SAS Management Console) is also required.
2 If you have the User Manager capability, you can perform this task in SAS Management Console.
Here are some additional details:
A special rule prevents restricted user administrators from updating the unrestricted role.
In order to change a role's capabilities, restricted user administrators must also have the WriteMetadata permission on the associated software component. In the standard configuration, the SAS Administrators group has this grant.
To prevent a restricted user administrator from updating a particular identity, deny that user administrator the WriteMetadata permission on that identity's Authorization tab.
To delegate management of an existing identity to someone who isn't a user administrator, grant the WriteMetadata permission to the delegated administrator on the target identity's Authorization tab.
In the initial configuration in a new deployment, all registered users have the User Manager capability through SASUSERS membership in the Management Console: Content Management role.