To avoid repeatedly
adding the same explicit grants and denials to multiple pieces of
server metadata, create and use an ACT. If you want to enable regular
users to assign libraries, stored processes, or an OLAP schema to
a particular application server, supplement the ACT settings with
an explicit grant of WriteMetadata permission on that application
server.
The following table
depicts typical protections.
Example: Protecting Server Definitions
|
|
|
|
SASApp
|
Protect
|
DataAdmins: +WM
|
Each logical server inside SASApp
|
Protect
|
|
SASMeta
|
Protect
|
|
Other immediate children
of Server Manager
|
Protect
|
|
Note: The initial configuration
in a new deployment limits access to the logical workspace server
and the logical SAS DATA step batch server within SASMeta, so it
is not necessary to add protections to those components.