Provide Fine-Grained Access Using Permission Conditions

  1. Click the Authorization tab, and then click Open Authorization Information for the secured table object that corresponds to the metadata-bound library whose data sets you want to protect.
  2. Click the Basic tab.
  3. In the Select column, click the cell for the identity whose access you want to limit. Select Conditional grant to add an explicit grant of the Select permission for the selected identity.
    Note: If the identity is not already listed, click the plus icon at the right edge of the table to add the identity.
    Note: If Conditional grant is already selected, a condition already exists. Select Conditional grant to view or update the condition).
  4. In the New Permission Condition window, enter the WHERE clause for an SQL query that filters the data as appropriate for the selected identity. Do not include the WHERE key word in your entry.
    Tip
    To make dynamic, per-person access distinctions, you can use identity-driven properties as the values against which target data values are compared. Use the following syntax when you specify one of these properties: SUB::property-name (for example, SUB::SAS.Userid). For a list of available identity-driven properties, see SAS Intelligence Platform: Security Administration Guide.
    CAUTION:
    The syntax that you enter and save in the New Permission Condition window is not checked for validity.
    Make sure that the syntax that you entered is correct.
  5. Click OK. The cell contains the conditional grant icon conditional grant icon with an explicit control indicator explicit indicator icon.
  6. Save your changes.
Copyright © SAS Institute Inc. All Rights Reserved.
Last updated: February 22, 2018