Creating an ACT

Why Create Custom ACTs?

Several predefined ACTs are provided. To further centralize access management, create an ACT for each access pattern that you use repeatedly. Here are some common patterns and tips:

It is often useful to create ACTs to manage Read access for different business units.
It is often useful to create an ACT that manages Write access for a functional group that includes users from multiple business units.
You do not have to capture all of an object's protections in one ACT. You can use combinations of ACTs, explicit controls, and inherited settings to define access to an object.

Instructions

Access the Administration page.
From the Folders pane, navigate to SAS FoldersSystemSecurityAccess Control Templates.
Right-click Access Control Templates and select New Access Control Template.
In the New Access Control Template window, enter a name and description for the ACT. Click Save. The new ACT opens in its own tab.
On the AuthorizationACT Pattern tab:
1. Click . In the Add Identities window, select users and groups that will have explicit settings in the pattern. Click OK.
2. On the ACT Pattern tab, click cells and make selections from the drop-down list to define the ACT’s pattern.
On the ACT's Authorization tabs, protect the new ACT. For example, one approach is to add an explicit denial of WriteMetadata for PUBLIC and an offsetting explicit grant of WriteMetadata for SAS Administrators.

Note: It is important to prevent regular users from modifying or removing an ACT.
In the toolbar at the top of the tab, click to save the new ACT.
To use the ACT, apply it to one or more objects.

Note: The applied ACT contributes its pattern of access controls to the object's protections. The object can also have explicit controls and other applied ACTs (as well as inherited settings).
If necessary, adjust the ACT's pattern. The advantage of using an ACT is that you can change the pattern without revisiting the objects to which the pattern is applied.