Previous Page | Next Page

Security Tasks

Ensure Availability of Application Features

In general, the initial configuration provides appropriate access to application features. Most nonadministrative capabilities are available to either PUBLIC (everyone who can access the metadata server) or SASUSERS (those members of PUBLIC who have a well-formed user definition). To ensure availability of application features:

  1. Log on to SAS Management Console as an administrator (for example, sasadm@saspw).

  2. (Optional) Verify current role memberships.

    1. On the Plug-ins tab, select User Manager [icon].

    2. Clear the Show Users and Show Groups check boxes. The roles that exist in your deployment are displayed.

    3. Right-click any role, select Properties, and select the Members tab. The following table documents initial membership of the predefined roles in a new deployment. Not all deployments include all roles. For any unlisted roles, see the administrative documentation for the associated product or solution.

    Initial Role Memberships in a New Deployment
    Role Initial Members
    [icon]Add-In for Microsoft Office: Advanced [icon]PUBLIC
    [icon]Add-In for Microsoft Office: Analysis (Empty)1
    [icon]Add-In for Microsoft Office: OLAP (Empty)1
    [icon]BI Dashboard: Administration [icon]BI Dashboard Administrators
    [icon]Enterprise Guide: Advanced [icon]PUBLIC
    [icon]Enterprise Guide: Analysis (Empty)1
    [icon]Enterprise Guide: OLAP (Empty)1
    [icon]Management Console: Advanced [icon]SAS Administrators
    [icon]Management Console: Content Management [icon]SASUSERS
    [icon]Metadata Server: Operation [icon]SAS Administrators
    [icon]Metadata Server: Unrestricted [icon]SAS Administrator
    [icon]Metadata Server: User Administration [icon]SAS Administrators
    [icon]Web Report Studio: Advanced (Empty)2
    [icon]Web Report Studio: Report Creation [icon]PUBLIC2
    [icon]Web Report Studio: Report Viewing [icon]PUBLIC2
    1 In the initial configuration, the advanced role for this application provides a superset of this role's capabilities, so those capabilities are widely available even though this role has no members.

    2 In a migrated deployment, membership in the SAS Web Report Studio roles is different because the migration maps the roles from the previous release to the new 9.2 roles. An exception is that the ability to manage distribution lists is not preserved. See step 5c below.

  3. (Optional) Populate the analysis and OLAP roles for SAS Enterprise Guide and the SAS Add-In for Microsoft Office. Initially, only the advanced roles for these applications have members. This can create problems if you later choose to narrow the membership of these advanced roles. To ensure that you don't inadvertently disable the lower-level roles, make either SASUSERS or PUBLIC a member of the other roles for these applications.

  4. Make BI Dashboard administrative capabilities available.

    1. Right-click the BI Dashboard: Administration role, select Properties, and select the Members tab.

    2. Move SAS Administrators (or other identities) to the Current Members list.

  5. Make advanced SAS Web Report Studio features available.

    1. Right-click the Web Report Studio: Advanced role, select Properties, and select the Members tab.

    2. Move SASUSERS to the Current Members list.

      Note:    This broad approach makes the menu items for features such as creating cascading prompts and report linking, scheduling, and distribution available to all registered users. A narrower approach is to instead make the SAS Administrators group a member of this role.  [cautionend]

    3. On the Capabilities tab, notice that the Manage Distribution List capability isn't provided by this role. You can use any of these approaches to manage availability of this feature:

      • Do not select that check box. Only unrestricted users can use this feature.

      • Select this check box. All members of this role can use this feature.

      • Add this capability to a role that has limited membership (for example, the Management Console: Advanced role, which has the SAS Administrators group as a member).

      • Create a new role that offers only this capability. Make selected users or groups members of that role.

If you want to further adjust the initial role configuration, make changes on the Members tab of a role, make changes on the Capabilities tab of a role, or create a new role.

See Also

Roles Overview

Role Definitions

Main Administrative Roles

Differences Between Roles and Groups

Relationship Between Capabilities and Permissions

Previous Page | Next Page | Top of Page

Copyright © 2011 by SAS Institute Inc., Cary, NC, USA. All rights reserved.