Viewing and Assigning Permissions

View a User’s Permissions
Assign Permissions
Tips for Assigning Permissions

View a User’s Permissions

To view a user’s permissions:
  1. Click the Folders tab of SAS Management Console and navigate to a folder or object that you are interested in.
  2. Right-click the folder or object, and select Properties.
  3. In the Properties window, click the Authorization tab:
    Authorization tab in SAS Management Console
On this tab, the Users and Groups list box shows users and groups that currently participate in the object’s settings. The Effective Permissions list box shows the metadata-layer access that the selected user or group has to the current object.
Clear check boxes indicate an explicitly assigned permission. Green check boxes indicate that the permission comes from an access control template (ACT). Gray boxes indicate that the permission comes from somewhere else (for example, a group, a parent object, or the unrestricted role).

Assign Permissions

To assign permissions for the currently selected object or folder:
  1. On the Authorization tab, select a user or group. Alternatively, click Add to assign a permission to someone who is not listed.
  2. In the Effective Permissions list box, select or clear check boxes to adjust the settings for the currently selected identity. Each click updates the object’s protections by either adding an explicit control or removing an existing explicit control. Removing an explicit control reveals an underlying grant or denial either from an ACT or from a group, a parent object, or the unrestricted role.
  3. Repeat steps 1 and 2 for any other users or groups whose access to this object you want to adjust.
  4. Review the settings for each identity in the Users and Groups list box. Settings that you add for a group can affect access for all members of that group. For example, a denial that you add for the PUBLIC group blocks access for all restricted users, unless there are other explicit or ACT (green) grants. You must offset a broad explicit denial with explicit or ACT grants for any restricted identities whose access you want to preserve.
  5. Click OK to save the settings.

See Also

Access Management Tasks in SAS Management Console: Guide to Users and Permissions

Tips for Assigning Permissions

Here are some important tips for assigning permissions:
  • To obtain a thorough understanding of access management concepts and procedures, review the SAS Management Console: Guide to Users and Permissions.
  • When possible, assign permissions to groups rather than to individual users.
  • Create a folder structure that reflects the access distinctions that you want to make. Then, instead of setting permissions on each individual object, set permissions on the folders.
  • Consider using ACTs. ACTs are reusable patterns of settings that you can apply to multiple objects.
  • Assign denials to the broadest group (SASUSERS) and then add offsetting grants for users or groups whose access you want to preserve. Deny access at the highest point of control (for example, at the top of the folder tree) and then grant access back on specific containers or objects.
Copyright © SAS Institute Inc. All rights reserved.