Roles and Capabilities in SAS Lineage

Overview

When you log on to SAS Lineage from SAS data management applications, you are granted access to applications and features based on the roles and capabilities that are associated with your login. Typically, these roles are assigned to a group to which you belong. For example, by default, members of the Data Management Business Users group have the Data Management: Lineage role. This role has one capability: ViewApplication, which enables access to SAS Lineage. Without this capability, you cannot access the SAS Lineage application.

Default Groups, Roles, and Capabilities

The following groups, roles, and capabilities are installed in SAS Management Console when SAS Lineage is installed.
Role Name
Role Description
Capability IDs
Groups That Get This Role by Default
Data Management: Lineage
Provides default access to the SAS Lineage application.
ViewApplication
Data Management Stewards, Data Management Business Users, Data Management Business Approvers, Data Management Power Users, and Data Management Executives
Lineage: Administration
Provides all functionality related to administrative activities for the SAS Lineage application.
ViewApplication, UpdateRelationships
Data Management Administrators
The ViewApplication capability gives you default access to SAS Lineage. Without this capability, the SAS Lineage application link is not present for this user. The UpdateRelationships capability enables you to apply changes to the Relationship Service (for example, Import Relationships). This capability is intended to control access to the Import Relationships window and to the user interface’s facility for creating equivalent relationships. If the capability is not granted to you as the current user, the Import Relationships and Create Equivalent Relationships actions are disabled.
The Data Management: Lineage role should be assigned to any user who needs access to the SAS Lineage application but who is not permitted to update any relationship data. These users cannot import relationships. The Lineage: Administration should be assigned to any user who needs full access to the SAS Lineage application. This full access includes the ability to import relationship via the SAS Lineage user interface.

Define Users and Link Them to Groups (and Roles)

SAS Lineage is installed as part of a bundle of products. After installation, an administrator uses SAS Management Console to perform the following tasks:
  • Create a user definition for each person who uses SAS Lineage.
  • Create any custom groups (and roles) that you might require if the default groups provided by SAS Lineage do not meet your needs.
  • Assign each user to one or more of the default or custom groups in order to grant each user the capabilities that he or she requires.
For more information about defining users and groups in SAS Management Console, see SAS Management Console: Guide to Users and Permissions.

Usage Notes for Roles and Capabilities

Capabilities cannot grant privileges in excess of those that are granted by other, relevant systems. For example, suppose that you have the capability called UpdateRelationships. This capability alone is not sufficient to update relationships in another application. To do that, you (or a group to which you belong) must be a member of an appropriate group for that application.