Administering Group and Role Membership

To administer group and role membership, use the User Manager plug-in in SAS Management Console.
Viewing Roles and Capabilities in SAS Management Console
Adding a User to a Group or Role
Creating New Groups and Roles
Modifying Roles

Viewing Roles and Capabilities in SAS Management Console

To view details about a role, open the User Manager plug-in in SAS Management Console, right-click the role, and select Properties. You can then view tabs that display the role’s members, capabilities, and contributing roles.
For example, the following display shows the capabilities for the Business Rules Manager: Rule Flow and Rule Set Designer role. These capabilities correspond to the description of this role in Predefined Roles and Capabilities for SAS Business Rules Manager.
SAS Management Console showing the roles and capabilities for SAS Business Rules Manager
Note: The preferred way to manage permissions for viewing vocabularies and lookup tables is by using capabilities under Vocabulary/Entity/Term and Lookup. The Manage Vocabulary/Lookup definitions capability is for compatibility with previous releases.
Note: Some roles have implicit capabilities that are not specified on the Capabilities tab.
The SAS Business Rules Manager capabilities control access to categories in the application. For example, the Rule Sets and Rule Flows categories do not appear when a user signs in to SAS Business Rules Manager if that user is not assigned to either of the following categories:
  • Business Rules Manager: Rule Flow and Rule Set Designer
  • Business Rules Manager: Rule Flow and Rule Set Read-Only
The Create/Update and Delete capabilities control access to specific object types. You can combine the category capabilities with the object capabilities to control access at whatever level is needed. For example, if you want a user to be able to view and edit rule flows only, the user should have only the following capabilities:
  • Manage Business Rule Flows/Sets for the Business Rules Plugin
  • Create/Update and Delete capabilities for Rule Flow objects
The following table describes the icons used in the Properties window.
Icon
Description
No capabilities icon
None of the capabilities in this category have been specified for this role.
Some capabilities icon
Some of the capabilities in this category have been specified for this role, either explicitly or through a contributing role.
All capabilities icon
All of the capabilities in this category have been specified for this role, either explicitly or through a contributing role.
Shaded check boxes indicate capabilities that come from contributing roles.

Adding a User to a Group or Role

In most cases, the best way to place a user in a role is to add the user to a group that belongs to the role. You can also add users directly to groups or roles.
To place a user in one of the predefined roles, you can add the user to one of the predefined groups. For example, to add a user to the Decision Manager Common: Administration role, add the user to the Decision Manager Common Administrators group.

Creating New Groups and Roles

The predefined groups and roles might be sufficient for many sites. Other sites might need to make application features available to users on either a broader or more granular basis than the predefined groups or roles allow.
You can use combinations of capabilities to create a new role. However, you can use only the capabilities that already appear in User Manager. You cannot create new capabilities.
For detailed information about roles and how to create them, see SAS Management Console: Guide to Users and Permissions.

Modifying Roles

The User Manager plug-in in SAS Management Console enables you to modify roles by selecting or deselecting different capabilities.
CAUTION:
No automated method can revert a role to its original set of capabilities.
Instead of adjusting the capabilities of a predefined role, consider creating a new role. This advice is especially important if you need to make major changes.
If you modify a role, then follow these best practices:
  • Do not rename the predefined roles. Renaming the predefined roles makes it difficult for SAS Technical Support to help you resolve problems.
  • Keep a record of the changes that you make.
When modifying a role, you can use only the capabilities that already appear in User Manager. You cannot create new capabilities.
For more information about roles and how to modify them, see SAS Management Console: Guide to Users and Permissions.
Copyright © SAS Institute Inc. All Rights Reserved.
Last updated: February 22, 2017