Who's Who in the SAS Metadata

The following table provides quick reference information for the main predefined identities. The descriptions reflect the initial configuration in a new deployment. You can choose to redistribute privileges in a more or less granular approach.
Selected SAS Identities
SAS Identity
Description
user SAS Administrator
A predefined super user that has unrestricted access in the metadata layer.
user SAS Demo User
A predefined first user that can be useful for demonstrations.
user SAS Trusted User
A service identity that can act on behalf of other users.
user SAS Anonymous Web User
A service identity that can provide anonymous access for a few Web components.1
group SAS General Servers
A service group that enables its member (the SAS Trusted User) to see server launch credentials.2
group SAS System Services
A service group that enables its member (the SAS Trusted User) to see servers, cubes, and other objects.
group PUBLIC
Everyone who can access the metadata server.
group SASUSERS
Everyone who has a well-formed user definition (a subset of PUBLIC).
group SAS Administrators
General metadata administrators. Membership in this group provides broad access to metadata, but doesn't provide unrestricted access.
role Metadata Server: Unrestricted
A highly privileged role that provides unrestricted access in the metadata layer.
role Metadata Server: User Administration
A role that enables members to manage most users, groups, and roles, but doesn't provide visibility for any plug-in.
role Metadata Server: Operation
A role that enables members to perform most server administration activities, but doesn't provide visibility for any plug-in.
role Management Console: Advanced
A role that enables members to see all of the SAS Management Console plug-ins that are under role management in the initial configuration.
role Management Console: Content Management
A role that enables members to see a subset of SAS Management Console plug-ins.
1For only SAS BI Web Services and the SAS Stored Processes application. Not for other Web applications such as SAS Web Report Studio. Anonymous access is an optional feature that is not compatible with Web authentication.
2Server launch credentials (for example, the SAS Spawned Servers account, sassrv) are stored in logins on the Accounts tab of the SAS General Servers group. This facilitates launching of stored process servers and pooled workspace servers.

See Also

Overview of Initial Roles, Groups, and Users in SAS Intelligence Platform: System Administration Guide
Copyright © SAS Institute Inc. All rights reserved.